CSP issue in firefox
We are facing issue while exporting documents from our portal which is embedded into an iframe of some external portal.
We see the following error in the console :
Content Security Policy: The page’s settings blocked the loading of a resource at blob:https://abc.def.com/1gg3810-ae25-42ae-ghghb-123456789 (“frame-src”).
This issue comes only in firefox. We are able to export documents in other browsers. We think that the problem comes due to the portal is embedded into an iframe. when we execute the download URL in a separate tab, it allows to download the document.
We are using below CSP policy :
default-src * blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src * data:; img-src * data:; frame-src * blob: data: 'self'; object-src *