I am trying to load a PDF from a cross-origin URL inside an iframe. This works fine in Chrome, but the iframe is blocked in Safari. I have defined the CSP policy in a meta tag inside the header of my HTML page.
<meta http-equiv="Content-Security-Policy" content="frame-src 'unsafe-inline' 'unsafe-eval' https://*; object-src 'unsafe-inline' 'unsafe-eval' https://*; child-src 'unsafe-inline' 'unsafe-eval' https://*; frame-ancestors 'unsafe-inline' 'unsafe-eval' https://*;" />
Response headers:
Accept-Ranges: bytes
Content-Length: 86301
Content-Type: application/pdf
Date: Tue, 29 Dec 2020 13:19:56 GMT
ETag: "1de9dd7edb4cf9f732817f36ef6e03qw"
Last-Modified: Tue, 04 Aug 2020 06:28:49 GMT
Server: AmazonS3
x-amz-id-2: VjaCQFfmFX+8XlGPA7/4r5J4xbfk124lkGeoTQrzxzj59ovj+SLoLSdFz3xZWEQ/FSonArf32w8=
x-amz-request-id: 1e1A8908B9E1e423
x-amz-server-side-encryption: AES256
x-amz-version-id: UUCC4mUIBzmV_CsidGHgXMc0zSWbqRXW
Error:
Refused to load https://example.com/ad/sd.pdf because it does not appear in the object-src directive of the Content Security Policy.