Skip to content

Commit

Permalink
Add base-uri 'none' as CSP.
Browse files Browse the repository at this point in the history
  • Loading branch information
tamuratak committed May 18, 2021
1 parent a15d989 commit ba9a629
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion src/components/viewer.ts
Original file line number Diff line number Diff line change
Expand Up @@ -278,7 +278,7 @@ export class Viewer {
this.extension.logger.addLogMessage(`The internal PDF viewer url: ${iframeSrcUrl}`)
const rebroadcast: boolean = this.getKeyboardEventConfig()
return `
<!DOCTYPE html><html><head><meta http-equiv="Content-Security-Policy" content="default-src http://localhost:${serverPort} http://127.0.0.1:${serverPort}; script-src 'unsafe-inline'; style-src 'unsafe-inline';"></head>
<!DOCTYPE html><html><head><meta http-equiv="Content-Security-Policy" content="default-src http://localhost:${serverPort} http://127.0.0.1:${serverPort}; base-uri 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline';"></head>
<body><iframe id="preview-panel" class="preview-panel" src="${iframeSrcUrl}" style="position:absolute; border: none; left: 0; top: 0; width: 100%; height: 100%;">
</iframe>
<script>
Expand Down
2 changes: 1 addition & 1 deletion viewer/viewer.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta name="google" content="notranslate">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; connect-src 'self' ws://localhost:* ws://127.0.0.1:*; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:;">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; base-uri 'none'; connect-src 'self' ws://localhost:* ws://127.0.0.1:*; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:;">
<title>PDF.js viewer</title>

<!--
Expand Down

0 comments on commit ba9a629

Please sign in to comment.