Uploaded image for project: 'Nuxeo Elements'
  1. Nuxeo Elements
  2. ELEMENTS-1454

Fix nuxeo-pdf-viewer PDF preview when using stricter CSP

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.4.0
    • Fix Version/s: 2.4.58
    • Component/s: Preview, UI

      Description

      Steps to reproduce:

      1. Configure Nuxeo with the following (stricter) CSP; sample .jar attached: 

      default-src 'self'; script-src 'self' data: connect.nuxeo.com apis.google.com app.box.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self'; font-src 'self' data: fonts.gstatic.com; media-src 'self'; frame-src 'self' www.nuxeo.com accounts.google.com; frame-ancestors 'self'

      2. In Web UI with LibreOffice installed (7.1.7 tested), import a .docx file as a File.
      3. Observe nuxeo-pdf-viewer in the document's View tab

      Expected result: Word document preview renders and is visible.

      Actual result: nuxeo-pdf-viewer preview pane remains empty, browser console displays following error (see screenshot):

      Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' data: connect.nuxeo.com apis.google.com app.box.com".

        Attachments

          Issue Links

          depends on

          Bug - A problem which impairs or prevents the functions of the product. ELEMENTS-1415 Use an ES5-compatible or legacy version of PDF.js

          • Major - Major loss of function.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. WEBUI-640 Fix pdf preview on Safari 15 / Monterey OS

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. ELEMENTS-1456 Bump PDF.js version to latest version in nuxeo-ui-elements

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is required by

          Improvement - An improvement or enhancement to an existing feature or task. NXP-30798 Bump nuxeo-ui-elements used by nuxeo-preview-core module

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link maintenance-3.0.x PR

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 3 hours, 25 minutes
                  2d 3h 25m