Closed fabzster closed 4 years ago
I am not sure what CSP has to do with this library?
I am not sure what CSP has to do with this library? Hi
It's seems to be failing because of an inline style
Do you have a PoC?
Proof of concept?
The window that I print to has the following inline style that is created when creating the pdf
<embed style="position:absolute; left: 0; top: 0;" width="100%" height="100%" src="about:blank" type="application/pdf" internalid="4FD5D31FDB5851AB0410B88E2BE4962B">
If I remove the inline style from chrome in the console it corrects the issue.
if the following is done instead of using the inline style, the CSP violation is removed.
.embedStyle {
position:absolute;
left: 0;
top: 0;
width: 100%;
height: 100%;
}
<embed class="embedStyle" src="about:blank" type="application/pdf" internalid="4FD5D31FDB5851AB0410B88E2BE4962B">
Ok, and what exactly give you the impression that the R&OS pdf class is affected or is taking over the role of CSP?
I think it is out of topic, but lets try to fix this.
src
attribute differs from to hosted page?<meta http-equiv="Content-Security-Policy" content="YOUR POLICY" />
already
Hi
I use this to print to pdf in a window, This now only prints in a frame if the policy is in effect.
it fails style-src, but does not give me any other info