pdf.js: CSP violations for unsafe-inline in pdfjs-dist@2.2.228

Attach (recommended) or Link to PDF file here:

Configuration:

  • Chrome Version 76.0.3809.87 (Official Build) (64-bit)
  • Ubuntu 18.04.2 LTS (Bionic Beaver)
  • PDF.js version: pdfjs-dist v2.2.228
  • Is a browser extension: No

Steps to reproduce the problem: We have a content security policy that prevents unsafe-inline. The policy is violated by this line in v2.2.228: Function("r", "regeneratorRuntime = r")(runtime);

Additional info: Similar issue #10229
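
Added example, not part of the original issue and not pdf.js or regenerator code: a small Node.js check that scans bundle text for string-to-code constructs such as the line quoted above and reports whether a given policy would block them. CSP blocks the Function constructor and eval unless script-src (or default-src as fallback) lists 'unsafe-eval'; the function names, the sample bundle and the policies used here are constructed for illustration.

```javascript
"use strict";

// Constructs that CSP treats as compiling a string into code.
const DYNAMIC_CODE = [
  { name: "Function constructor", re: /\bFunction\s*\(/ },
  { name: "eval call", re: /\beval\s*\(/ },
];

// Return one finding per source line that contains such a construct.
function findDynamicCode(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const { name, re } of DYNAMIC_CODE) {
      if (re.test(text)) findings.push({ name, line: i + 1, text: text.trim() });
    }
  });
  return findings;
}

// Parse a policy string into a Map of directive name -> source list.
// Sources are lowercased for keyword matching only (nonces and hashes are
// case-sensitive). Only the first occurrence of a directive counts.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
    }
  }
  return directives;
}

// String compilation is governed by script-src, falling back to default-src.
function allowsStringCompilation(policy) {
  const d = parseCsp(policy);
  const sources = d.get("script-src") ?? d.get("default-src");
  return sources === undefined || sources.includes("'unsafe-eval'");
}

// Findings that the given policy would block at runtime.
function blockedBy(policy, source) {
  return allowsStringCompilation(policy) ? [] : findDynamicCode(source);
}

// Constructed sample: the line quoted in the issue plus filler lines.
const SAMPLE_BUNDLE = [
  "var runtime = {};",
  'Function("r", "regeneratorRuntime = r")(runtime);',
  "function isFunction(f) { return typeof f === 'function'; }",
].join("\n");

console.log(blockedBy("default-src 'self'", SAMPLE_BUNDLE));
```

The scan is a line-based text match, so it also reports occurrences inside comments and string literals; treat each finding as a place to review in the bundle before it ships under a strict policy.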

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 25 (4 by maintainers)

Most upvoted comments

I believe that this issue can be closed now, since the upcoming release will feature two kinds of builds:

  • A modern build (for up-to-date browsers), which is not transpiled with Babel and without any included polyfills.
  • An ES5-compatible build (can be used e.g. with IE11), which is transpiled with Babel and includes all necessary polyfills.

I don’t really see what PDF.js could do differently here. Even though the comment is clear, we intentionally run PDF.js with strict mode to prevent errors and allow for optimizations. Given that this didn’t happen before and we don’t even use facebook/regenerator directly (but only as a dependency of another package) I would say that those should be patched, unless there is a trivial change we can/need to do on our side, but I don’t know what that would be then…

Same issue here.

@Snuffleupagus is it possible to distribute 2 separate files, one for the older browsers and a 2nd for the evergreen browsers?

@timvandermeij Code in pdf.js could be written so that the polyfill is not needed. @Snuffleupagus Any hints at what file to look at?