Reputation: 129
CSP issue in firefox
We are facing issue while exporting documents from our portal which is embedded into an iframe of some external portal.
We see the following error in the console :
Content Security Policy: The page’s settings blocked the loading of a resource at blob:https://abc.def.com/1gg3810-ae25-42ae-ghghb-123456789 (“frame-src”).
This issue comes only in firefox. We are able to export documents in other browsers. We think that the problem comes due to the portal is embedded into an iframe. when we execute the download URL in a separate tab, it allows to download the document.
We are using below CSP policy :
default-src * blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src * data:; img-src * data:; frame-src * blob: data: 'self'; object-src *
Thanks
Upvotes: 2
Views: 1092
Answers (1)
Reputation: 31
I also face this issue when exporting the image in the iframe,usually we export the image by creating a a tag in the documentdocument.createElement('a'),now in order to solve this issue,you need to change the code like window.top.document.createElement("a"),hope it is useful for you.
Upvotes: 3
Related Questions
- how to add Content Security Policy (CSP)
- Content Security Policy: resource blocked but CSP is configured to allow it
- Whats wrong with my CSP? Content Security Policy (CSP) implemented unsafely
- Content Security Policy (CSP) blocking valid nonce in firefox
- Content-Security-Policy errors in Firefox and Chrome
- Javascript bookmarklet on site with CSP in Firefox
- Strange CSP error in Firefox
- Content Security Policy failing on line 1 (Firefox 57.0)
- CSP warning firebug
- CSP Violation Detected in Firefox OS validator