Content Security Policy prevents render when reaching out to unpkg.com #285
Comments
|
The same issue is also faced when trying to load pdf in offline mode. Since we are using cdn, the worker does not load in offline mode |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
pdfjs requires the workerSrc to be set at runtime. The current implemenation sets this to a CDN (https://unpkg.com). When a content security policy is defined this logic can fail when the CDN is not defined in the allow list of the CSP. It appears that work was started to eliminate the usage of the CDN but was never completed. The prerelease script executes copy-worker.mjs to the dist folder but it is never used to set the workerSrc. We were able to mitigate this on our end by patching the code but this is a maintaince nightmare. I tried fixing locally and it appears to work but will need more eyeballs. I am not a vite and/or webpack guru. Assistance would be great to get this resolved. I will send a PR shortly with the changes I have thus far.
The text was updated successfully, but these errors were encountered: