The message: "Content Security Policy: The page settings have blocked the loading of a resource on eval ("script-src"). xajax.js" means that scripts xajax.js and min.php use eval-expressions. Some locks of eval expressions could be fixed if you have control over scripts.
But following message: "Uncaught EvalError: call to eval() blocked by CSP" leave no chances - the call of eval() function require to use 'unsafe-eval' token in the script-src directive.
Therefore you need at least to have: script-src 'self' 'unsafe-inline' 'unsafe-eval'; in the policy
