Using back/forward buttons with PDF, and a CSP without connect-src 'self' 
https://bugs.webkit.org/show_bug.cgi?id=277416
Summary Using back/forward buttons with PDF, and a CSP without connect-src 'self'
Craig Francis
Reported 2024-07-31 04:35:50 PDT
If you follow a link to a PDF and it includes a Content-Security-Policy that does not allow connect-src 'self', then use the browsers back and forward buttons; when you go forwards (to view the PDF again) it won't render the PDF, it will show a grey window, and these errors in the dev tools console: [Error] Refused to connect to [URL] because it appears in neither the connect-src directive nor the default-src directive of the Content Security Policy. [Error] Failed to load resource: Blocked by Content Security Policy. (pdf, line 0) [Error] Refused to connect to [URL] because it appears in neither the connect-src directive nor the default-src directive of the Content Security Policy. [Error] Failed to load resource: Blocked by Content Security Policy. (pdf, line 0) [Error] Refused to connect to [URL] because it appears in neither the connect-src directive nor the default-src directive of the Content Security Policy. [Error] Failed to load resource: Blocked by Content Security Policy. (pdf, line 0) Example at: https://craig.dev/misc/safari/2024-07-21-pdf-connect/
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2024-08-07 04:36:15 PDT
<rdar://problem/133375947>
Note You need to log in before you can comment on or make changes to this bug.