Issue metadata
Sign in to add a comment
|
Since Chrome 68.x, our customer cannot download PDF files.
Reported by
patrickf...@gmail.com,
Aug 22
|
||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 Steps to reproduce the problem: Use this site https://smart911.rave411.com/rcv/login with these creds: chrome / Chromepass! Please enable the chrome option "Download PDF files instead of automatically opening them in Chrome" under PDF documents. 1)When in click on a ticket from the ticket list on the left side of the page. 2)This will open a smartlet in the middle of the page. (Header of smartlet is Smart911 Profile. 3)On the addresses section of the smartlet, click on first address (74 Winslow ave) which will display meta data for that address. 4) Click the "view uploads document" link next to the label "Building Plans", this will download a pdf file. 5)Click the large "CLOSE DOCUMENT" button. What is the expected behavior? PDF downloads to the /downloads folder. What went wrong? Content Security Policy that worked in Chrome 67.x and prior can download the PDF where since chrome 68.x our Content Security Policy is blocking. We have tried to adjust our Content Security Policy but have not come up with a policy to stay secure and allow the PDF to download. Did this work before? Yes Chrome 67.x and prior, broke in 68.x Does this work in other browsers? No I am getting a Content Security Policy error while trying to download a PDF from our product. Chrome version: 68.0.3440.106 Channel: stable OS Version: 10.0 Flash Version:
,
Aug 22
Content-Security-Policy: default-src 'self'; font-src 'self' data: *.gstatic.com; frame-src 'self' data: blob: www.nbcnews.com www.youtube.com; connect-src 'self' *.mapbox.com wss://smart911.rave411.com translate.googleapis.com; child-src 'self' *.youtube.com wss://smart911.rave411.com; object-src 'self' blob: data: smart911.rave411.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src * blob: data: *.mapbox.com *.rave411.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googleapis.com *.mapbox.com www.sc.pages05.net
,
Aug 22
,
Aug 22
Potentially a dupe of Issue 271452
,
Aug 22
The issue started with Chrome 68.x.x and that bug started in 2013 and apparently no solution.
,
Aug 23
,
Aug 23
patrickflaherty1946@ Thanks for the issue. Tried accessing the site https://smart911.rave411.com/rcv/login, but unable to do and 'This site can’t be reached' error is coming up. Attached is the screen shot for reference. Request you to provide a URL which can be accessed by us, which will help in further triaging of the issue. Thanks..
,
Aug 23
the site works for me in Chrome 70.0.3529.3 - I suspect the bug was fixed meanwhile. Andy?
,
Aug 23
@susan.boorgula@chromium.org, we have having intermittent site issues at the moment. Can you retry later in the day?
,
Aug 23
Actually this ticket can be closed. This current ticket was spawned from Issue 872284 . Issue 872284 is my original problem before getting side tracked on this issue to which we fixed our Content Security policy.
,
Aug 28
susan.boorgula@chromium.org can you try and reproduce this problem? Make sure the javascript console is up and the video above shows the steps. Thank you, Patrick |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by patrickf...@gmail.com
, Aug 2230.0 KB
30.0 KB View Download