Hi,
Does anyone know how to setup the content-security-policy to allow content
generated by JavaScript to be downloaded in a similar way as a file?
Please have a look at the code bellow.
I would expect the download of "myFile.txt" with content "hello" starts when
clicking on the link.
Unfortunately, Firefox 44 complains with:
Content Security Policy: The page's settings blocked the loading of a
resource at data:plain/text,hello ("default-src https://192.168.122.101:9090
'unsafe-inline' 'unsafe-eval'").
Thanks for your help,
Marek
-----------------
maanifest.json:
{
"version": 0,
"tools": {
"mytest": {
"label": "cspTest",
"path": "csp.html"
}
},
"content-security-policy": "default-src 'self' data: https: 'unsafe-inline'
'unsafe-eval'"
}
-----------------
csp.html:
<html>
charset="utf-8">
href="../base1/cockpit.css" type="text/css" rel="stylesheet">
href="data:plain/text, hello" download="myFile.txt">Static content
html
_______________________________________________
cockpit-devel mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]
