Content Security Policy error when embeding PDF in Angular html

Question

In my angular application, I am trying to display a pdf in the HTML. I am using as below,

<embed [src]="pdfContent" width="100%" height="1930px" type="application/pdf" />

It works fine when I run the app on localhost:4200, but when I deploy the changes to my application server(weblogic), it gives me an error 'Content Security Policy' shown below:

Refused to load plugin data from 'blob because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval'

I tried to fix using this link : but doesn't work. Any idea what's the issue?

This one? https://stackoverflow.com/q/31211359/5468463 – Vega Nov 06 '21 at 04:42 — Vega, Nov 06 '21 at 04:42

score 0 · Answer 1 · answered Nov 06 '21 at 08:19

I tried to fix using this link: but doesn't work.

It's important how you do use above fix. If you just insert a meta tag with Content Security Policy (CSP) - it does not work because you just add a second CSP. but the first one (published via HTTP header) continue block.

AFAIK the WebLogic Server publishes Content Security Policy via HTTP response header by default. You have to edit httpd.conf file and add blob: to the related directive: default-src 'self' 'unsafe-eval' blob: in your case.

Content Security Policy error when embeding PDF in Angular html

1 Answers1