Home / Topics / Download Manager Free / Embeded PDF Viewer gives script error

Embeded PDF Viewer gives script error

Viewing 4 posts - 1 through 4 (of 4 total)
Dec 2, 2022 at 5:50 pm #181137

Lee Evans
Participant

Hi guys,

Has anyone come across this error when using the [doc_preview] shortcode?

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'report-sample' 'nonce-lzZNLV-60gTxuMRvn3x-6g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.

in https://docs.google.com/viewer?url=https%3A%2F%2Fs3.eu-west-1.amazonaws.com%2Frscsl.org%2Fwp-content%2Fuploads%2F2022%2F09%2F24162759%2FRSCSL-Rules.pdf&embedded=true

The PDF is stored in an amazon bucket, could it be resolved with a CORS rule in the bucket to allow Google access to the file?

Dec 2, 2022 at 5:52 pm #181138

Lee Evans
Participant

I do have this CORS policy on the bucket already:-

[
    {
        "AllowedHeaders": [],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": []
    }
]
  • This reply was modified 2 years, 5 months ago by Lee Evans.
Dec 2, 2022 at 6:04 pm #181140

Lee Evans
Participant

Also on our WordPress .htaccess I’ve commented out the CSP rules, but wouldn’t expect it to be these anyway.


# X-XSS-Protection
#Header set X-XSS-Protection "1; mode=block"

# X-Frame-Options
#   Header add Content-Security-Policy "default-src 'self'; script-src: 'self' 'unsafe-inline';"

# X-Content-Type nosniff
#Header set X-Content-Type-Options nosniff

I’ve hacked a workaround by loading the pdf directly into an iframe.

In docViewer function in FileSystem.php

replaced this line:-

$doc_preview_html = '<iframe src="https://docs.google.com/viewer?url=' . urlencode($url) . '&embedded=true" width="100%" height="600" style="border: none;"></iframe>';

with
$doc_preview_html = '<iframe class="documentsIframe" src="'.$url.'" title="Preview Document" style="width: 100%;height: 1000px;"></iframe>';

Can anyone suggest an easier way to make a shortcode and have access to the file URL outside of the plugin – or at least make the google doc viewer work?

  • This reply was modified 2 years, 5 months ago by Lee Evans.
Dec 3, 2022 at 2:30 pm #181164

Tanvir
Spectator

Hello Lee Evans,

Thanks for contacting us.
We don’t suggest to change anything in our plugin’s codes as update will replace those.
However, for any feature implementation, you can request here. Maybe we could add those in future updates.

Regards
Tanvir

Viewing 4 posts - 1 through 4 (of 4 total)

The topic ‘Embeded PDF Viewer gives script error’ is closed to new replies.