Opening a PDF embedded in iframe in chrome with content security policy > plugin-types -

-

i have csp (content-security-policy) plugin-types policy set white-list pdf type below. when trying open pdf file in iframe src attribute, working browsers ie 11, , firefox 47+ failing in chrome 50+. else required make working in chrome? 

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self'; frame-src 'self' plugin-types application/pdf;

error in chrome console 

resource interpreted document transferred mime type application/pdf refused load 'http://127.0.0.1/module123/open.do?id=10000' (mime type '') because violates following content security policy directive: 'plugin-types application/pdf'. when enforcing 'plugin-types' directive, plugin's media type must explicitly declared 'type' attribute on containing element (e.g. '<object type="[type goes here]" ...>').

i had similar problem.

to resolve problem, needed add blob: object-src directive.

also, did not need specify plugin-type.

so be:

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' blob:; style-src 'self'; frame-src 'self';


Comments

Post a Comment

Popular posts from this blog

sequelize.js - Sequelize group by with association includes id -

-
so when requesting group sequelize follows: return models.workingcalendar .findall({ attributes: [ 'workingcalendar.periodid', 'workingcalendar.date', 'period.name' ], include: [ { model: models.period, attributes: [] } ], where: { getsudoid: currentgetsudo.id, unitplantid: unitplantid }, group: ['workingcalendar.periodid', 'workingcalendar.date', 'period.name'], }); sequelize run query: select [workingcalendar].[id], [workingcalendar].[periodid], [workingcalendar].[date], [period].[name] [workingcalendars] [workingcalendar] left outer join [periods] [period] on [wor
Read more

android - Robolectric "INTERNET permission is required" -

-
i'm getting error when create activity robolectric: java.lang.illegalargumentexception: internet permission required. this i'm doing: @config(constants = buildconfig.class, sdk = testconfig.min_sdk_unit_tests, manifest = "src/main/androidmanifest.xml") @runwith(robolectricgradletestrunner.class) public class atest { @test public void testtrackdonotaskmeagainselected() throws exception { final anactivity activity = robolectric.buildactivity(anactivity.class).create().get(); } update 1: our current setup, have manifests: app/src/androidtest/androidmanifest.xml app/src/debug/androidmanifest.xml app/src/main/androidmanifest.xml app/src/test/androidmanifest.xml i found debug executed instead of test , that's why permission in app/src/test/androidmanifest.xml ignored. add manifest: <uses-permission android:name="android.permission.internet" />
Read more

java - Android raising EPERM (Operation not permitted) when attempting to send UDP packet after network connection -

-
when responding supplicant_state_changed_action broadcast , attempting send udp packet, exception: java.net.socketexception: sendto failed: eperm (operation not permitted) @ libcore.io.iobridge.maybethrowaftersendto(iobridge.java:542) @ libcore.io.iobridge.sendto(iobridge.java:511) @ java.net.plaindatagramsocketimpl.send(plaindatagramsocketimpl.java:184) @ java.net.datagramsocket.send(datagramsocket.java:305) @ com.mycompany.app.serviceclass.discover(serviceclass.java:355)at com.mycompany.app.serviceclass.access$600(serviceclass.java:39) @ com.mycompany.app.serviceclass$statemachine.run(serviceclass.java:242) @ java.lang.thread.run(thread.java:818) caused by: android.system.errnoexception: sendto failed: eperm (operation not permitted) @ libcore.io.posix.sendtobytes(native method) @ libcore.io.posix.sendto(posix.java:211) @ libcore.io.blockguardos.sendto(blockguardos.java:278) @ libcore.io.iobridge.sendto(iobridge.java:509) @ java.net.plaindat
Read more