1 Reply Latest reply on May 23, 2017 1:56 AM by jcesarmobile_

    Open PDF, content security policy



      I'm working on an app which is developed with the vaadin framework (java) and runs with phonegap (6.5) under android and ios. That works well but I have a problem with PDF documents. The app received the PDF from a database and displays it to the user. That works well when I run the app on a desktop computer and on ios. The problem is when I try to open the PDF on an android device.

      I think the problem is caused by the content security policy (csp).


      When I debug the app on an android device I can see in the network section that the transfer of the PDF file was canceled.




      my index.html file includes:


      <meta http-equiv="Content-Security-Policy" content="default-src 'self' data:* gap: 'unsafe-inline' 'unsafe-eval' http://myvero.goip.de/myVero2/APP/connector/* *; style-src 'self' 'unsafe-inline' *; media-src * plugin-types application/pdf text/cache" />


      and the config.xml includes:


      <access origin="*" />
      <allow-intent href="http://*/*" />
      <allow-intent href="https://*/*" />
      <allow-intent href="tel:*" />
      <allow-intent href="sms:*" />
      <allow-intent href="mailto:*" />
      <allow-intent href="geo:*" />
      <allow-navigation href="*" />
      <allow-navigation href="http://*/*" />
      <allow-navigation href="https://*/*" />
      <allow-navigation href="data:*" />


      I tried to generate different Content-Security-Policy headers on the "CSP Is Awesome" website (http://cspisawesome.com/) but I didn't find any working solution.


      Maybe someone can help me.


      Thanks a lot!