
Is lacking unsafe-inline in CSP truncating PDF height a bug in Safari (WebKit) display of .pdf?


I keep a small website for a non-profit group. A number of .pdfs are available for viewing on the website.

I’ve come across a problem with .pdf display in the current version of Safari (v. 16.4) (under macOS Ventura) and have also now seen it in other WebKit browsers such as DuckDuckGo and Orion.

When the website server’s Content Security Policy (CSP) contains “style-src 'self';” a link to open a .pdf (stored in the website’s directory) results in the height of the .pdf being severely truncated to about 150 pixels.

Changing the CSP to include “style-src 'self' 'unsafe-inline';” results in the .pdf being displayed as expected.

Safari 15.6.1 under macOS Catalina, Firefox and Google Chrome all display the .pdf as expected without the addition of 'unsafe-inline' to style-src.

Is this a new WebKit bug or a purposeful change in the implementation of in-browser .pdf display?

I’m aware of the security concerns of using 'unsafe-inline' in style-src. What alternative is available to circumvent this .pdf display issue that I’ve noted (assuming it’s not a bug that might be fixed)?
