237643 – Security errors when loading PDF documents using PDF.js

Bug 237643 - Security errors when loading PDF documents using PDF.js

Summary: Security errors when loading PDF documents using PDF.js

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	PDF (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:	235969
	Show dependency tree / graph

Reported:	2022-03-09 03:07 PST by Carlos Garcia Campos
Modified:	2023-02-16 12:39 PST (History)
CC List:	3 users (show)

See Also:	251887

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carlos Garcia Campos 2022-03-09 03:07:18 PST

CONSOLE MESSAGE: webviewerloaded: SecurityError: Blocked a frame with origin "webkit-pdfjs-viewer://pdfjs" from accessing a cross-origin frame. Protocols, domains, and ports must match.

This happens when the pdf viewer is loaded because it tries to dispatch a custom event to the parent document:

function webViewerLoad() {
  const config = getViewerConfiguration();
  const event = document.createEvent("CustomEvent");
  event.initCustomEvent("webviewerloaded", true, true, {
    source: window
  });

  try {
    parent.document.dispatchEvent(event);
  } catch (ex) {
    console.error(`webviewerloaded: ${ex}`);
    document.dispatchEvent(event);
  }

  _app.PDFViewerApplication.run(config);
}

I have no idea why that's done, but I guess it's harmless and doesn't affect any functionality.

CONSOLE MESSAGE: Feature policy 'Fullscreen' check failed for iframe with origin 'webkit-pdfjs-viewer://pdfjs' and allow attribute ''.

This happens when the viewer checks is fullscreen is supported to enable the presentation mode.

Comment 1 Radar WebKit Bug Importer 2022-03-10 10:18:49 PST

<rdar://problem/90106581>