Content Security Policy - Embed API JavaScript Promise

Question

I have been using the API and providing a URL and not having any problems but when I switch to using the promise I am getting an error back in the console and the file doesn't load. It looks as if the error is in the viewer.js

I get the error:

"Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' use.typekit.net assets.adobedtm.com www.adobe.com/marketingtech/ prod.adobeccstatic.com/utilnav/ widget.uservoice.com by2.uservoice.com/t2/ assets.adobe.com api.demandbase.com/api/v2/ip.json commerce.adobe.com". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript&colon; navigations unless the 'unsafe-hashes' keyword is present."

Is there something I need to add to my CSP Header to prevent this?

To reproduce the error here's what I am doing using I am using https://documentservices.adobe.com/view-sdk/viewer.js

var adobeDCView = new AdobeDC.View({
clientId: {clientId},
divId: "adobe-dc-view",
});

adobeDCView.previewFile({
content: {
promise: readFile(buffer),
},
metaData: {
fileName: "FileName"
}
}, {});
}

Any help would be greatly appreciated.

Meena Makwana · Answer

Hi @DeanWa, did you manage to fix this issue?

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded