fix: filter CSP unsafe-eval errors (#6397)

* fix: filter CSP errors

* not syntax

* comment

src/tracing/errors.test.ts

@@ -29,4 +29,11 @@ describe('filterKnownErrors', () => {
     const originalException = new SyntaxError("Unexpected token '<'")
     expect(filterKnownErrors(ERROR, { originalException })).toBe(null)
   })
+
+  it('filters CSP unsafe-eval errors', () => {
+    const originalException = new Error(
+      "Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inlin..."
+    )
+    expect(filterKnownErrors(ERROR, { originalException })).toBe(null)
+  })
 })

src/tracing/errors.ts

@@ -46,6 +46,19 @@ export const filterKnownErrors: Required<ClientOptions>['beforeSend'] = (event:
      * Therefore, this can be ignored.
      */
     if (error.message.match(/Unexpected token '<'/)) return null
+
+    /*
+     * Content security policy 'unsafe-eval' errors can be filtered out because there are expected failures.
+     * For example, if a user runs an eval statement in console this error would still get thrown.
+     * TODO(INFRA-176): We should extend this to filter out any type of CSP error.
+     */
+    if (
+      error.message.match(
+        /Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive/
+      )
+    ) {
+      return null
+    }
   }
 
   return event