What are the Content Security Policy requirements?

Which product are you using?
Evaluating whether PDF.js Express Plus is suitable

PDF.js Express Version

N/A

Detailed description of issue
Before we commit to using PDF.js Express Plus we need to know what the required Content Security Policy rules are. We have strict policy requirements and cannot allow unsafe-inline or unsafe-eval. Are you able to let me know what the required rules are? Thanks!

Expected behaviour
N/A

Does your issue happen with every document, or just one?
N/A

Link to document
N/A

Code snippet
N/A

1 Like

While testing a stricter CSP on our side, we observed that webviewer.core.min.js introduces an inline script. Although it doesn’t appear to affect the PDF web viewer’s functionality, it would be preferable to avoid relying on inline scripts altogether.

Is there a workaround for this issue, and could you look into removing the inline script? We’d prefer not to rely on unsafe-inline in our CSP.