On 24.02.2016 12:58, Marek Libra wrote:
Hi,
Does anyone know how to set up the content-security-policy to allow content
generated by JavaScript to be downloaded in a similar way as a file?
Please have a look at the code below. I would expect the download of
"myFile.txt" with content "hello" to start when clicking on the link.
Unfortunately, Firefox 44 complains with:
Content Security Policy: The page's settings blocked the loading of a resource at data:plain/text,hello ("default-src https://192.168.122.101:9090 'unsafe-inline' 'unsafe-eval'").
Thanks for your help, Marek
-----------------
manifest.json:
{
    "version": 0,
    "tools": {
        "mytest": {
            "label": "cspTest",
            "path": "csp.html"
        }
    },
    "content-security-policy": "default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'"
}
-----------------
csp.html:
<html>
<meta charset="utf-8">
<link href="../base1/cockpit.css" type="text/css" rel="stylesheet">
<a href="data:plain/text, hello" download="myFile.txt">Static content</a>
</html>

This example, once I fixed the HTML tags, seemed to work in Chrome but
not in Firefox. My Firefox (44.0.2) doesn't complain about CSP though.
Does the behavior change when clicking on the link and choosing 'This
frame | Open frame in new Tab'? That is, when displaying the cspTest
plugin in its own browser window?
What kind of download are you trying to simulate? Something from the
server perhaps? When working on the sosreport plugin we had to add
support to do just that. You can see an example here:
https://github.com/cockpit-project/cockpit/blob/master/pkg/sosreport/inde...
Cheers,
Stef
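
Added example, not part of either message above: a simplified JavaScript check of a URL against a CSP source list, run on the two policy strings quoted in the thread. It shows that the policy in the Firefox message carries no data: source while the one in manifest.json does; PAGE_ORIGIN and the function names are assumptions of this example.

```javascript
// Simplified CSP source-list matching: handles scheme-sources ("data:"),
// 'self' and scheme://host[:port] sources; no wildcards, paths or nonces.

// Policy strings copied from the thread.
const MANIFEST_POLICY = "default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'";
const REPORTED_POLICY = "default-src https://192.168.122.101:9090 'unsafe-inline' 'unsafe-eval'";
// Assumption: the page origin equals the host named in the reported policy.
const PAGE_ORIGIN = "https://192.168.122.101:9090";

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function originOf(url) {
  try {
    const origin = new URL(url).origin;
    return origin === "null" ? null : origin; // data: URLs have an opaque origin
  } catch (e) {
    return null; // not parseable as an absolute URL
  }
}

function sourceMatches(source, url, pageOrigin) {
  const scheme = (/^([a-z][a-z0-9+.-]*):/i.exec(url) || [])[1];
  if (!scheme) return false;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    // Scheme-source such as "data:" or "https:" matches on scheme alone.
    return source.slice(0, -1).toLowerCase() === scheme.toLowerCase();
  }
  if (source === "'self'") return originOf(url) === pageOrigin;
  if (source.startsWith("'")) return false; // 'unsafe-inline' etc. never match a URL
  const srcOrigin = originOf(source);
  return srcOrigin !== null && srcOrigin === originOf(url);
}

function allowedBy(policy, url, pageOrigin, directive = "default-src") {
  const directives = parsePolicy(policy);
  const sources = directives.get(directive) || directives.get("default-src");
  if (!sources) return true; // no governing directive: nothing restricts the load
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}
```

Comparing allowedBy(REPORTED_POLICY, ...) with allowedBy(MANIFEST_POLICY, ...) for data:plain/text,hello shows which of the two policies would account for the block.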