ng2-pdfjs-viewer
ng2-pdfjs-viewer copied to clipboard
intbot
CSP unsafe-eval (fixed in newer pdf.js)
Seeing this error in my application - I noticed there is a ticket asking for the problem to be posted in the pdf.js issue tracker, but it appears at this point that pdf.js has solved the issue in version 2.1.266. The version of pdf.js within ng2-pdfjs-viewer seems to be 2.2.171 (not sure if I am looking at the right place).
Is it relatively simple to update this? Looks like they host a pre-built pdf.js out there so I will give it a shot in my application the meantime.
Thank you
I realize now that 2.2.171 > 2.1.266. That's on me for focusing on the rev number. But, then, should this issue not be fixed? Any idea why I might still be seeing this?
@Spiral1401 Have you tried trying using pdfjs directly? What are the results? Also can you try directly at PDFJS site here : https://mozilla.github.io/pdf.js/web/viewer.html
@codehippie1 the https://mozilla.github.io/pdf.js/web/viewer.html works, but that is expected as it does not have a content security policy in either the headers or the html head
PDF.js has two versions. One for all the browsers (old ones as well) and one for only newer versions. The problem is with polyfills and only the version with older browsers has it. Would it be possible to have two version from this library as well? so those who only develop for newer browsers could use the one with stricter security settings.
@ZsuzsaPetho @Spiral1401, have either of you found a work-around that doesn't require adding unsafe-eval to CSP headers?
For anyone who comes here in the future, we switched to https://www.npmjs.com/package/ngx-extended-pdf-viewer
Any updates or workarounds? ngx-extended-pdf-viewer unfortunately has quality issues while showing bitmaps inside the pdf that ng2-pdfjs-viewer does not have. So I would actually prefer using this package, but I will not enable unsafe-eval :-/
