CSP violations for unsafe-inline in pdfjs-dist@2.2.228
Configuration:
- Chrome Version 76.0.3809.87 (Official Build) (64-bit)
- Ubuntu 18.04.2 LTS (Bionic Beaver)
- PDF.js version: pdfjs-dist v2.2.228
- Is a browser extension: No
Steps to reproduce the problem:
We have a content security policy that prevents unsafe-inline.
The policy is violated by this line in v2.2.228:
Function("r", "regeneratorRuntime = r")(runtime);
Additional info: Similar issue #10229
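As an added example, not code from the original issue or from PDF.js: a small Node script that scans a built bundle for the constructs a strict CSP refuses to execute, namely the Function constructor quoted above, eval(), and timers with a string body, so a build pipeline can flag a transitive dependency such as the regenerator runtime before the browser's CSP report does. Chrome reports these as script-src violations whenever the policy does not grant 'unsafe-eval'. The sample bundle text and the file name used in the report are constructed for the demonstration; the check is regex based and does not parse JavaScript, so findings inside string literals have to be dismissed by hand.

```javascript
'use strict';

// Patterns for dynamic code evaluation that a CSP without 'unsafe-eval'
// in script-src makes the browser refuse. Heuristic regexes, not a parser:
// a match inside a string literal is a false positive to review by hand.
const DYNAMIC_CODE_PATTERNS = [
  // Function("a", "body") or new Function(...): compiles a string to code
  { kind: 'Function constructor', re: /\b(?:new\s+)?Function\s*\(/ },
  // eval("...")
  { kind: 'eval()', re: /\beval\s*\(/ },
  // setTimeout("code", ms) / setInterval("code", ms): the string is evaluated
  { kind: 'timer with string body', re: /\bset(?:Timeout|Interval)\s*\(\s*["'`]/ },
];

// Drop // comments and single-line /* */ comments so commented-out code is
// not reported. Crude: a "//" inside a string (e.g. a URL) is treated as a
// comment start, which can only hide a finding on that line, never add one.
function stripComments(line) {
  return line.replace(/\/\*.*?\*\//g, '').replace(/\/\/.*$/, '');
}

// Scan bundle text line by line; returns [{ line, kind, text }] in file order.
function findDynamicCode(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((raw, index) => {
    const code = stripComments(raw);
    for (const { kind, re } of DYNAMIC_CODE_PATTERNS) {
      if (re.test(code)) {
        findings.push({ line: index + 1, kind, text: raw.trim() });
      }
    }
  });
  return findings;
}

// Human-readable report, one line per finding, suitable for a CI log.
function formatReport(findings, fileName) {
  if (findings.length === 0) {
    return `${fileName}: no dynamic code evaluation found`;
  }
  return findings
    .map((f) => `${fileName}:${f.line}: ${f.kind}: ${f.text}`)
    .join('\n');
}

// Constructed sample standing in for a built bundle (not real pdf.js output).
// Line 3 is the regenerator-runtime line quoted in the issue; line 4 shows
// that the same line inside a comment is ignored.
const SAMPLE_BUNDLE = [
  'var runtime = (function (exports) { return exports; })({});',
  'function safeHelper(x) { return x + 1; }',
  'Function("r", "regeneratorRuntime = r")(runtime);',
  '// Function("x", "commented out")(runtime);',
  'setTimeout(function () { safeHelper(1); }, 0);',
].join('\n');

// Print the report when run directly: node scan-bundle.js
if (typeof require !== 'undefined' && require.main === module) {
  console.log(formatReport(findDynamicCode(SAMPLE_BUNDLE), 'sample-bundle.js'));
}
```

Run against the real dist file by replacing SAMPLE_BUNDLE with the result of fs.readFileSync on the bundle you ship; a non-empty report is the cue to pick a build variant that does not need the construct, or to decide deliberately whether the policy will grant 'unsafe-eval'.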
Top GitHub Comments
I believe that this issue can be closed now, since the upcoming release will feature two kinds of builds:
I don't really see what PDF.js could do differently here. Even though the comment is clear, we intentionally run PDF.js with strict mode to prevent errors and allow for optimizations. Given that this didn't happen before and we don't even use facebook/regenerator directly (but only as a dependency of another package) I would say that those should be patched, unless there is a trivial change we can/need to do on our side, but I don't know what that would be then...