Please excuse the wrong formatting in my previous post. I'm sending the files as attachments now.
----- Original Message ----- > From: "Stef Walter" <[email protected]> > To: "Development discussion for the Cockpit Project" > <[email protected]> > Sent: Wednesday, February 24, 2016 1:40:45 PM > Subject: Re: Download generated file, content-security-policy > > On 24.02.2016 12:58, Marek Libra wrote: > > Hi, > > > > Does anyone know how to setup the content-security-policy to allow > content generated by JavaScript to be downloaded in a similar way as a file? > > > > Please have a look at the code bellow. I would expect the download of > > "myFile.txt" with content "hello" > > starts when clicking on the link. > > > > Unfortunately, Firefox 44 complains with: Content Security Policy: > > The page's settings blocked the loading of a > resource at data:plain/text,hello ("default-src > https://192.168.122.101:9090 'unsafe-inline' 'unsafe-eval'"). > > > > Thanks for your help, Marek > > > > ----------------- > > maanifest.json: > > > > { > > "version": 0, > > "tools": { > > "mytest": { > > "label": "cspTest", > > "path": "csp.html" > > } > > }, > > > > "content-security-policy": "default-src 'self' data: https: > > 'unsafe-inline' 'unsafe-eval'" > > } > > > > ----------------- > > csp.html: > > > > <html> > > > > charset="utf-8"> > > href="../base1/cockpit.css" type="text/css" rel="stylesheet"> > > > > > > href="data:plain/text, hello" download="myFile.txt">Static content > > > > html > > This example, once I fixed the HTML tags seemed to work in Chrome but > not in Firefox. My Firefox (44.0.2) doesn't complain about CSP though. > This is strange, since Firefox 44.0.2 does not complain all the time. Please refresh and try clicking once again. The CSP error will display (or repeat). Anyway, no matter of the CSP error message, the download is not started in Firefox. Works fine, when opening in a new tab. Could it be a Firefox bug? > Does the behavior change when clicking on the link and choosing 'This > frame | Open frame in new Tab'? That is, when displaying the cspTest > plugin in its own browser window? > > What kind of download are you trying to simulate? Something from the > server perhaps? When working on the sosreport plugin we had to add > support to do just that. You can see an example here: > > https://github.com/cockpit-project/cockpit/blob/master/pkg/sosreport/index.js#L101 I plan to generate console.vv for remote-viewer. I have all data already in browser (JavaScript). If possible, I would like to avoid placing the content on the filesystem before download or setting up new proxy service running on the host and serving the request. > > Cheers, > > Stef > > > > _______________________________________________ > cockpit-devel mailing list > [email protected] > https://lists.fedorahosted.org/admin/lists/[email protected] >
manifest.json
Description: application/json
_______________________________________________ cockpit-devel mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
