Discussions

I'm integrating the @heygen/streaming-avatar SDK into a Microsoft Teams custom app, but I'm encountering a critical Content Security Policy (CSP) error that prevents functionality:

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src * 'unsafe-inline'".

I believe the SDK (or a dependency such as ScriptProcessorNode-based audio processing) may be using eval() or similar internally.

I appreciate any guidance or alternatives you can offer. This is a blocker for deployment within Microsoft Teams.