Sakurai/pdf.js
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[CSP] remove HTTP CSP Headers

Browse Source
This commit is contained in:
Yury Delendik 2013-07-30 21:00:20 -05:00
parent 99c9079f54
commit 7a43492e5f
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
extensions/firefox/components/PdfStreamConverter.js
View File

@ -720,6 +720,15 @@ PdfStreamConverter.prototype = {
// Change the content type so we don't get stuck in a loop.
aRequest.setProperty('contentType', aRequest.contentType);
aRequest.contentType = 'text/html';
if (isHttpRequest) {
// We trust PDF viewer, using no CSP
aRequest.setResponseHeader('Content-Security-Policy', '', false);
aRequest.setResponseHeader('Content-Security-Policy-Report-Only', '',
false);
aRequest.setResponseHeader('X-Content-Security-Policy', '', false);
aRequest.setResponseHeader('X-Content-Security-Policy-Report-Only', '',
false);
}
if (!rangeRequest) {
// Creating storage for PDF data