Macos: 10.15.7 Safari: Version 14.0 (15610.1.28.1.9, 15610) A pdf served with Content-Security-Policy header to "default-src 'none'; style-src 'self' 'unsafe-inline';" is not displayed in Safari. It complains about not having 'object-src' set to 'self'. This header works fine in Chrome, Edge, Firefox ... Is it something that will be fixed or is it the intended behavior ? thanks.
This seems unlikely to be intended if it's different from other browsers. Probably an artifact of having PDF loading implemented using plugin code paths.
Kate, is this related to https://trac.webkit.org/changeset/271650/webkit?
(or maybe a dupe of it?)
It looks related indeed. Sorry I didn't find the ticket. Is the patch in 14.0.3 or do I need to get the nightly to test this ?
(In reply to alexandre robuchon from comment #4) > It looks related indeed. Sorry I didn't find the ticket. > > > Is the patch in 14.0.3 or do I need to get the nightly to test this ? You should be able to test it using the latest Safari Technology Preview (https://developer.apple.com/safari/technology-preview/).
It works like a charm. No plugin error.
*** This bug has been marked as a duplicate of bug 220665 ***