- This topic has 3 replies, 2 voices, and was last updated 3 years, 3 months ago by
.
Hi guys,
Has anyone come across this error when using the [doc_preview] shortcode?
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'report-sample' 'nonce-lzZNLV-60gTxuMRvn3x-6g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.
The PDF is stored in an amazon bucket, could it be resolved with a CORS rule in the bucket to allow Google access to the file?
Also on our WordPress .htaccess I’ve commented out the CSP rules, but wouldn’t expect it to be these anyway.
# X-XSS-Protection
#Header set X-XSS-Protection "1; mode=block"
# X-Frame-Options
# Header add Content-Security-Policy "default-src 'self'; script-src: 'self' 'unsafe-inline';"
# X-Content-Type nosniff
#Header set X-Content-Type-Options nosniff
I’ve hacked a workaround by loading the pdf directly into an iframe.
In docViewer function in FileSystem.php
replaced this line:-
$doc_preview_html = '<iframe src="https://docs.google.com/viewer?url=' . urlencode($url) . '&embedded=true" width="100%" height="600" style="border: none;"></iframe>';
with
$doc_preview_html = '<iframe class="documentsIframe" src="'.$url.'" title="Preview Document" style="width: 100%;height: 1000px;"></iframe>';
Can anyone suggest an easier way to make a shortcode and have access to the file URL outside of the plugin – or at least make the google doc viewer work?
The topic "Embeded PDF Viewer gives script error" is closed to new replies.