Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
1.3k views
in Technique[技术] by (71.8m points)

Content Security Policy - iframe blocked in Safari even after defining CSP in meta

I am trying to load a PDF from a cross-origin URL inside an iframe. This is working fine in Chrome, but the iframe is blocked in Safari. I have defined the CSP policy meta inside the header in my HTML page.

<meta http-equiv="Content-Security-Policy" content="frame-src 'unsafe-inline' 'unsafe-eval' https://*; object-src 'unsafe-inline' 'unsafe-eval' https://*; child-src 'unsafe-inline' 'unsafe-eval' https://*; frame-ancestors 'unsafe-inline' 'unsafe-eval' https://*;" />

Response Header

Accept-Ranges: bytes
Content-Length: 86301
Content-Type: application/pdf
Date: Tue, 29 Dec 2020 13:19:56 GMT
ETag: "1de9dd7edb4cf9f732817f36ef6e03qw"
Last-Modified: Tue, 04 Aug 2020 06:28:49 GMT
Server: AmazonS3
x-amz-id-2: VjaCQFfmFX+8XlGPA7/4r5J4xbfk124lkGeoTQrzxzj59ovj+SLoLSdFz3xZWEQ/FSonArf32w8=
x-amz-request-id: 1e1A8908B9E1e423
x-amz-server-side-encryption: AES256
x-amz-version-id: UUCC4mUIBzmV_CsidGHgXMc0zSWbqRXW

Error: Refused to load https://example.com/ad/sd.pdf because it does not appear in the object-src directive of the Content Security Policy.



1 Reply

0 votes
by (71.8m points)
Waiting for an expert to reply
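
An added example, not part of the original question or of any reply: a small linter that parses the policy from the question and flags the parts a browser will not honor as written. It relies on two rules from the CSP specification: `frame-ancestors`, `report-uri` and `sandbox` are dropped from a policy delivered via `<meta>`, and `'unsafe-inline'` / `'unsafe-eval'` never match the URL of a frame or object. The function and constant names are hypothetical.

```javascript
// Directives the CSP spec tells browsers to drop when the policy arrives via <meta>.
const IGNORED_IN_META = new Set(['frame-ancestors', 'report-uri', 'sandbox']);
// Directives whose source lists are matched only against frame/plugin URLs.
const URL_ONLY_DIRECTIVES = new Set(['frame-src', 'child-src', 'object-src']);
// Keywords that govern inline script/style and eval(); they never match a URL.
const SCRIPT_STYLE_KEYWORDS = new Set(["'unsafe-inline'", "'unsafe-eval'"]);

// Parse a serialized policy into Map<directive name, source tokens>.
// As in the spec's parsing algorithm, a repeated directive name is ignored.
function parsePolicy(serialized) {
  const directives = new Map();
  for (const part of serialized.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return findings for a policy delivered via 'meta' or 'header'.
function lintPolicy(serialized, delivery) {
  const findings = [];
  for (const [name, sources] of parsePolicy(serialized)) {
    if (delivery === 'meta' && IGNORED_IN_META.has(name)) {
      findings.push({ directive: name, issue: 'ignored-in-meta' });
      continue;
    }
    if (URL_ONLY_DIRECTIVES.has(name)) {
      for (const s of sources) {
        if (SCRIPT_STYLE_KEYWORDS.has(s.toLowerCase())) {
          findings.push({ directive: name, issue: 'keyword-has-no-effect', source: s });
        }
      }
    }
  }
  return findings;
}

// The policy from the question, copied from its <meta> tag.
const QUESTION_POLICY =
  "frame-src 'unsafe-inline' 'unsafe-eval' https://*; " +
  "object-src 'unsafe-inline' 'unsafe-eval' https://*; " +
  "child-src 'unsafe-inline' 'unsafe-eval' https://*; " +
  "frame-ancestors 'unsafe-inline' 'unsafe-eval' https://*;";

for (const f of lintPolicy(QUESTION_POLICY, 'meta')) {
  console.log(`${f.directive}: ${f.issue}${f.source ? ' ' + f.source : ''}`);
}
```

For `frame-ancestors` to be enforced, the policy has to be sent in a `Content-Security-Policy` HTTP response header rather than in a `<meta>` element.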
