Hi,
Does anyone know how to setup the content-security-policy to allow content generated by
JavaScript to be downloaded in a similar way as a file?
Please have a look at the code bellow.
I would expect the download of "myFile.txt" with content "hello"
starts when clicking on the link.
Unfortunately, Firefox 44 complains with:
Content Security Policy: The page's settings blocked the loading of a resource
at data:plain/text,hello ("default-src
https://192.168.122.101:9090
'unsafe-inline' 'unsafe-eval'").
Thanks for your help,
Marek
-----------------
maanifest.json:
{
"version": 0,
"tools": {
"mytest": {
"label": "cspTest",
"path": "csp.html"
}
},
"content-security-policy": "default-src 'self' data: https:
'unsafe-inline' 'unsafe-eval'"
}
-----------------
csp.html:
<html>
charset="utf-8">
href="../base1/cockpit.css" type="text/css"
rel="stylesheet">
href="data:plain/text, hello" download="myFile.txt">Static
content
html