try to fix unsafe-eval

app/__init__.py

@@ -150,7 +150,7 @@ def _csp(config):
         "script-src": [
             "'self'",
             asset_domain,
-            "'unsafe-eval'",
+            # "'unsafe-eval'",
             "https://js-agent.newrelic.com",
             "https://gov-bam.nr-data.net",
             "https://www.googletagmanager.com",

notifications_utils/request_helper.py

@@ -80,10 +80,14 @@ def rewrite_response_headers(status, headers, exc_info=None):
             headers.append(("Cross-Origin-Embedder-Policy", "require-corp"))
             headers.append(("Cross-Origin-Resource-Policy", "same-origin"))
             headers.append(("Cross-Origin-Opener-Policy", "same-origin"))
-            headers.append(("Cache-Control", "no-store, no-cache, must-revalidate, proxy-revalidate"))
+            headers.append(
+                (
+                    "Cache-Control",
+                    "no-store, no-cache, must-revalidate, proxy-revalidate",
+                )
+            )
             headers.append(("Pragma", "no-cache"))
 
-
             return start_response(status, headers, exc_info)
 
         return self._app(environ, rewrite_response_headers)