content security policy issue


vineet.j...@gmail.com

Dec 6, 2013, 4:01:35 AM
to google-chrome-...@googlegroups.com
Trying to load different contents in an 'iframe' through JavaScript. The content is loaded using the data URL scheme as:

// This JavaScript is registered in the HTML file, and LoadFunction is registered inside the DOMContentLoaded event on the click of a button.

function LoadFunction()
{
    // The base64 data is received from a C++ class.
    window.parent.document.getElementById("page_data").src = 'data:application/pdf;base64,' + 'base64 encoded data';
}

But as soon as the above function is called, a content security policy error is raised:

Refused to load plugin data from 'data:application/pdf;base64,JVBERi0xLjQNCiXi48/TDQoxIDAgb2JqDQo8PA0KL1R5cGU…mRvYmoNCjkgMCBvYmoNCjw8DQovVHlwZSAvRm9udA0KL1N1YnR5cGUgL1R5cGUxDQovQmFzZUZ' because it violates the following Content Security Policy directive: "default-src 'self'

But surprisingly, this error is NOT raised when the data URL is changed to: 'data:image/png;base64,' + 'base64 encoded data'; and the image gets loaded into the iframe successfully.

As far as I know, this error is raised only when inline code is executed directly in the HTML file, but this isn't the case here, and if that is the case, then why does it not get raised for image files?

Thanks
Vineet

vineet jain

Dec 6, 2013, 7:23:35 AM
to google-chrome-...@googlegroups.com

Also, if I try setting the content security policy in the manifest.json file as: "content_security_policy": "script-src 'self'; object-src 'self' ; frame-src 'self' data:"

then the error changes to: Refused to load plugin data from 'data:application/pdf;base64,' because it violates the following Content Security Policy directive: "object-src 'self'

So probably object-src needs to be set, but I am not sure what it should be.
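
The directive lookup behind the two error messages above, as an added example that is not part of the original posts: Chrome reports the data: PDF as plugin data, so it is checked against object-src (falling back to default-src when object-src is absent), while a frame load is checked against frame-src. The names `checkDataUrl`, `FALLBACK` and the `DEFAULT_ONLY` policy are constructed for illustration; `MANIFEST_POLICY` is the string quoted in the post above.

```javascript
// Added example (not from the thread): which CSP directive governs a data: URL load.
// Fetch directives and their fallback chains, per the CSP specification.
const FALLBACK = {
  plugin: ['object-src', 'default-src'],
  frame: ['frame-src', 'child-src', 'default-src'],
  image: ['img-src', 'default-src'],
};

// Parse "name src src; name src" into a Map of directive name -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
    }
  }
  return directives;
}

// Decide whether a data: URL may be loaded as `kind` ('plugin', 'frame', 'image').
// Returns the directive that made the decision, or null if none applies.
function checkDataUrl(policy, kind) {
  const directives = parsePolicy(policy);
  const directive = FALLBACK[kind].find((name) => directives.has(name)) || null;
  if (directive === null) return { allowed: true, directive };
  // Neither 'self' nor * matches a data: URL; only an explicit data: scheme-source does.
  return { allowed: directives.get(directive).includes('data:'), directive };
}

// Policy string quoted in the thread's manifest.json attempt.
const MANIFEST_POLICY = "script-src 'self'; object-src 'self' ; frame-src 'self' data:";
// Constructed policy containing only the directive named in the first error message.
const DEFAULT_ONLY = "default-src 'self'";

for (const kind of ['plugin', 'frame', 'image']) {
  console.log(kind, checkDataUrl(MANIFEST_POLICY, kind), checkDataUrl(DEFAULT_ONLY, kind));
}
```
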

PhistucK

Dec 6, 2013, 7:29:16 AM
to Google Chrome Developer Tools
I do not think this is the right group for such discussions, it is not about the Google Chrome Developer Tools, but a general development issue you happen to have with Chrome.
Perhaps chromium-html5 is better, or blink-dev, or just file an issue at crbug.com if you have not found any existing issue.


PhistucK



vineet jain

Dec 6, 2013, 7:35:37 AM
to google-chrome-...@googlegroups.com
OK, thanks, I have posted it in the right forum perhaps :)

Роман Игоревич

Dec 17, 2019, 4:34:01 PM
to Chrome DevTools
Hello, Vineet jain!

Could you please tell me whether you have found the solution for this case?

Sincerely, Roman.
