Content Security Policy vialoation with pdfmake 0.1.36
Content Security Policy vialoation with pdfmake 0.1.36
ikus060
Posts: 2Questions: 1Answers: 0
I'm trying to integrate PDF creation to datatable within an existing application. That application define a Content Security Policy (CSP). This seams to pose a problem with pdfmake.
Loading the page return this error:
caught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/".
at new Function (<anonymous>)
at new t (pdfmake.min.js?v=1682944047:2:667517)
at Object.<anonymous> (pdfmake.min.js?v=1682944047:2:313917)
at Object.<anonymous> (pdfmake.min.js?v=1682944047:2:565643)
at n (pdfmake.min.js?v=1682944047:2:385)
at Object.<anonymous> (pdfmake.min.js?v=1682944047:2:71322)
at Object.<anonymous> (pdfmake.min.js?v=1682944047:2:72425)
at Object.<anonymous> (pdfmake.min.js?v=1682944047:2:72438)
at n (pdfmake.min.js?v=1682944047:2:385)
at Object.<anonymous> (pdfmake.min.js?v=1682944047:2:303582)
Further reading tell me this is fixed in pdfmake v0.2 series, but I'm not sure if datatables is compatible with this version.
How could I work around this bug ?
This question has an accepted answers - jump to answer
Answers
Have you tried updating pdfmake. It's certainly an issue there, so not one we would fix.
That said, I can certainly look at updating our pdfmake integration if needed.
Allan
In fact, I've just tried pdfmake 0.2.7 and it seems to work without issue.
Their release notes show there aren't any breaking changes.
That doesn't appear to be the same with 0.3.0-beta though, which has a number of breaking changes.
I've updated the cdn links for our download builder to use pdfmake 0.2.7 for the time being.
Allan
it is working indeed.
Thanks for your help