[Webkit-unassigned] [Bug 237643] New: Security errors when loading PDF documents using PDF.js
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 9 03:07:18 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=237643
Bug ID: 237643
Summary: Security errors when loading PDF documents using
PDF.js
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: PDF
Assignee: webkit-unassigned at lists.webkit.org
Reporter: cgarcia at igalia.com
CC: thorton at apple.com
Blocks: 235969
CONSOLE MESSAGE: webviewerloaded: SecurityError: Blocked a frame with origin "webkit-pdfjs-viewer://pdfjs" from accessing a cross-origin frame. Protocols, domains, and ports must match.
This happens when the pdf viewer is loaded because it tries to dispatch a custom event to the parent document:
function webViewerLoad() {
const config = getViewerConfiguration();
const event = document.createEvent("CustomEvent");
event.initCustomEvent("webviewerloaded", true, true, {
source: window
});
try {
parent.document.dispatchEvent(event);
} catch (ex) {
console.error(`webviewerloaded: ${ex}`);
document.dispatchEvent(event);
}
_app.PDFViewerApplication.run(config);
}
I have no idea why that's done, but I guess it's harmless and doesn't affect any functionality.
CONSOLE MESSAGE: Feature policy 'Fullscreen' check failed for iframe with origin 'webkit-pdfjs-viewer://pdfjs' and allow attribute ''.
This happens when the viewer checks is fullscreen is supported to enable the presentation mode.
Referenced Bugs:
https://bugs.webkit.org/show_bug.cgi?id=235969
[Bug 235969] Integrate PDF.js in Captive Portal mode
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220309/a9e46c11/attachment-0001.htm>
More information about the webkit-unassigned
mailing list