PDFViewer / Content Security Policy blocks 'blob:' and 'frame-src'

[vkael]

Steps to reproduce

1. Install latest OwnCloud server
2. Configure it to use OwnCloud Web application new front-end
3. Upload a PDF
4. Try to preview said PDF

Expected behaviour

PDF is shown.

Actual behaviour

CSP configuration does not allow neither blob: (Chrome/Firefox), nor frame-src (Chrome only) :

View :

Server configuration

Operating system: Debian 11

Web server: NGINX

Database: MySQL

PHP version:

ownCloud version: 10.11

Updated from an older ownCloud or fresh install: Updated

Where did you install ownCloud from: OwnCloud website

Signing status (ownCloud 9.0 and above):

No errors have been found.

List of activated apps:

"preview",
"pdf-viewer",
"search",
"text-editor",
"draw-io"

Are you using external storage, if yes which one: local

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Chrome 110.0.5481.100 and Firefox 110

Operating system: Windows 11

Logs

Browser log

Content Security Policy: The page’s settings blocked the loading of a resource at blob:https://xyz.com/bb6b39b8-1d71-4960-bc4c-16ab79bc1044 (“default-src”).

[DeepDiver1975]

not a core issue - thx for your contribtion