layout post
title Content Security Policy in
description Learn here all about Content Security Policy in Syncfusion
platform ej2-javascript
control PDF Viewer
publishingplatform
documentation ug

Content Security Policy

Content Security Policy (CSP) is a security feature implemented by web browsers that helps to protect against attacks such as cross-site scripting (XSS) and data injection. It limits the sources from which content can be loaded on a web page.

When strict Content Security Policy (CSP) is enabled, certain browser features are disabled by default. To use the Syncfusion PDF Viewer control in strict CSP mode, it is essential to include the following directives in the CSP meta tag.

{% tabs %} {% highlight razor tabtitle="HTML" %}

{% endhighlight %} {% endtabs %}

The resulting meta tag is included within the <head> tag and resolves the CSP violations on the application's side when using the Syncfusion PDF Viewer control with the material and tailwind themes.

{% tabs %} {% highlight razor tabtitle="HTML" %}

...

{% endhighlight %} {% endtabs %}

  • In the Syncfusion PDF Viewer control, images are added as blob and base64, which are blocked on a strict CSP-enabled site. To overcome this restriction, it is necessary to add the img-src data: directive in the meta tag. To allow them, add the style-src 'self' 'unsafe-inline'; and img-src 'self' data:; directives as follows.

{% tabs %} {% highlight razor tabtitle="HTML" %}

{% endhighlight %} {% endtabs %}

N> Starting with the 2023 Vol2 - 22.1 release, the Content Security Policy support for the Syncfusion PDF Viewer control has been enhanced by implementing a function template approach for template properties, which eliminates the need for the unsafe-eval directive in the CSP meta tag.
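
The following is an added example, not code from the Syncfusion documentation: a small policy audit that checks a CSP string for the `style-src 'unsafe-inline'` and `img-src data:` allowances named above and reports `'unsafe-eval'` in `script-src`, which the note above says is no longer needed. The function names and the sample policies are assumptions made for illustration.

```javascript
// Added example: parseCsp, effectiveSources and auditForPdfViewer are hypothetical
// helpers, not Syncfusion APIs. Only style-src, img-src, script-src and default-src are read.

// Constructed sample policies (not taken from the Syncfusion documentation).
const STRICT = "default-src 'self'";
const ADJUSTED = "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:";

// Split a policy into a Map of directive name -> lower-cased source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (!directives.has(name)) {
      directives.set(name, tokens.slice(1).map((s) => s.toLowerCase()));
    }
  }
  return directives;
}

// Sources governing a fetch directive, falling back to default-src.
// Returns null when neither is present (no restriction for that type).
function effectiveSources(directives, name) {
  return directives.get(name) ?? directives.get('default-src') ?? null;
}

// A nonce or hash source makes browsers ignore 'unsafe-inline'.
const hasNonceOrHash = (srcs) =>
  srcs.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));

function auditForPdfViewer(policy) {
  const d = parseCsp(policy);
  const findings = [];
  const style = effectiveSources(d, 'style-src');
  const img = effectiveSources(d, 'img-src');
  const script = effectiveSources(d, 'script-src');
  if (style && !style.includes("'unsafe-inline'")) {
    findings.push("style-src: inline styles blocked, 'unsafe-inline' missing");
  } else if (style && hasNonceOrHash(style)) {
    findings.push("style-src: 'unsafe-inline' ignored because a nonce/hash is present");
  }
  if (img && !img.includes('data:')) findings.push('img-src: data: images blocked');
  if (script && script.includes("'unsafe-eval'")) findings.push("script-src: 'unsafe-eval' allowed");
  return findings;
}
```

An empty result from `auditForPdfViewer` means the policy carries the two allowances this page names and does not allow `'unsafe-eval'`.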

View sample in GitHub