I’m getting the following issue:
Content-Security-Policy: The page’s settings blocked the loading of a resource at blob:https://test.com/ff851-924-4522-8b74-f1d4f8c9f (“default-src”).
whenever I click Export
button which exports user data in Mozilla Firefox browser. The file is also not getting downloaded.
The same is working fine in Google Chrome perfectly.
I tried including the following meta tag in html file but that doesn’t seem to fix the issue.
<meta http-equiv="Content-Security-Policy" content="img-src * 'self' blob:">
Any way to get around this issue?
2
Answers
Adding to @HalvorSakshaug 's answer, this issue was indeed caused due to the CSP configuration set in source, in my case Cloudfront. I modified it to allow blob and its working now.
To create/update CSP in cloudfront,
Cloudfront > Functions > Create function
The handler can be defined as:
This can be used in configuration in behavior as:
There is a content security policy set on your page, you can likely see it in the response headers. You need to identify where the policy is set and modify it to allow "blob:" in default-src or a more specific directive. Adding another policy in meta can only make the total policy stricter.