Iam setting content security policy as
<meta charset="UTF-8" http-equiv="content-security-policy" content="object-src 'self' data:" />
and it render as [enter image description here][1]
Iam trying render a base64 encode pdf using object tag in vue3 as shown
<object
:data="'data:application/pdf;base64,' props.encodedPdf"
type="application/pdf"
></object>```
and getting the below error
[enter image description here][2]
[1]: https://i.stack.imgur.com/1BLcB.png
[2]: https://i.stack.imgur.com/8z4mU.png
CodePudding user response:
The most likely explanation is that two policies are served. The other one is most likely found in a response header and sets the directive "object-src 'none';". Content needs to pass all policies, and if another policy allows nothing you'll need to remove or modify that policy first.
CodePudding user response:
I was using I3 service for authentication and CSP headers 'object-src' was set from their end. I had to update the header there.