问题
I got the following problem: Having set
Content-Security-Policy style-src 'self'
within .htacess file, chrome complains in the developer console when displaying PDF files linked like <a href="file.pdf">.
Refused to apply inline style because it violates the following
Content Security Policy directive: "style-src 'self'". Either the
'unsafe-inline' keyword, a hash ('sha256-[deleted]'), or a nonce
('nonce-...') is required to enable inline execution.
I can also see that chrome applies some css to the PDF display:
element.style {
background-color: rgb(38,38,38);
height: 100%;
width: 100%;
overflow: hidden;
margin: 0;
}
Of course, the easy way would be to just change the CSP settings in .htaccess to
Content-Security-Policy style-src 'self' 'unsafe-inline'
but that would damage security. Also I hesitate to give a hash to code I can not control. So the question is: How do I specify CSS code for PDF files I link to?
来源:https://stackoverflow.com/questions/49358335/how-to-set-css-for-embedded-pdf-viewer-with-csp-enabled