Issue metadata
Sign in to add a comment
|
Cannot download documents from an overlay
Reported by
nikhil.v...@sageworks.com,
Mar 16 2018
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36 Steps to reproduce the problem: 1. Any document when downloaded from an ifram results in efused to frame 'blob:https://blue.sageworksanalyst.com/7aa0be67-0dd6-4495-abc3-ca43fe51f2f9' because it violates the following Content Security Policy directive: "default-src https: data:". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback. 2. 3. What is the expected behavior? What went wrong? efused to frame 'blob:https://blue.sageworksanalyst.com/7aa0be67-0dd6-4495-abc3-ca43fe51f2f9' because it violates the following Content Security Policy directive: "default-src https: data:". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback. Did this work before? Yes 64 Chrome version: 65.0.3325.162 Channel: stable OS Version: 10.0 Flash Version:
,
Mar 19 2018
,
Mar 19 2018
Thanks for filing the issue! @Reporter: Could you please share a sample test URL/File which helps to triage the issue in a better way. Any further inputs from your end may help us. Adding label Needs-Feedback.
,
Mar 20 2018
,
Mar 22 2018
`blob:` isn't listed in the page's policy (`default-src https: data:`). If you'd like to frame blob resources, you'll need to set a policy that allows it (perhaps `default-src https: blob: data:`, or `default-src https: data:; frame-src blob:`, depending on your needs). |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 Deleted