Matt Fenelon

Thinking about it more, the file parameter is a security risk for content spoofing when HOSTED_VIEWER_ORIGINS is configured to let the viewer load any remote URL. Consider the case where...

The Content-Security-Policy header could be used to protect sites from loading any remote URL. A configuration option could be made available to set that header on requests for any of...

@senny there's a [FAQ entry](https://github.com/mozilla/pdf.js/wiki/Frequently-Asked-Questions#can-i-load-a-pdf-from-another-server-cross-domain-request) about it, as far as I can tell it's purpose is to avoid opening a security hole on your site inadvertently, if you change the...

We came across this issue when trying to switch the default adapter to this adapter because of some other libraries. Those libraries set a global Faraday connection and reuse it...