Twitter login fails because 'unsafe-eval' is not an allowed source of script

[shafeekghaseel]

New Issue Checklist

• I am not disclosing a vulnerability.
• I am not just asking a question.
• I have searched through existing issues.
• I can reproduce the issue with the latest version of Parse Server and the Parse Android SDK.

Issue Description

java.lang.RuntimeException: Error in evaluationEvaluation: status: 13 value: {message=Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src https://abs.twimg.com https://abs-0.twimg.com https://twitter.com https://mobile.twitter.com".
} hasMessage: true message: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src https://abs.twimg.com https://abs-0.twimg.com https://twitter.com https://mobile.twitter.com".

Steps to reproduce

Actual Outcome

Expected Outcome

Environment

Parse Android SDK

• SDK version: 2.0.5
• Operating system version: Android 9

Server

• Parse Server version: v3.6.0
• Operating system: FILL_THIS_OUT
• Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): FILL_THIS_OUT

Database

• System (MongoDB or Postgres): FILL_THIS_OUT
• Database version: FILL_THIS_OUT
• Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): FILL_THIS_OUT

Logs

[parse-github-assistant]

Thanks for opening this issue!

• ❌ Please check all required checkboxes at the top, otherwise your issue will be closed.

• ⚠️ Remember that a security vulnerability must only be reported confidentially, see our Security Policy. If you are not sure whether the issue is a security vulnerability, the safest way is to treat it as such and submit it confidentially to us for evaluation.