Re: [Debconf-discuss] Canadian Pollito
On 03/23/2017 11:40 PM, Jerome Charaoui wrote:
> Pollito not understand why Chromium Content Security Policy squawking,
> so suggest Firefox or wget to download.
It seems surprisingly hard to find a rationale for this quickly, but I
suppose that's because these two HTTP response headers are conflicting:
Content-Security-Policy: default-src 'none'
Content-Disposition: inline; filename="canadian_pollito.pdf"
The CSP seems to disallow inline content (but refers to styles and
scripts, not embedded files; but maybe that's actually the same thing)
by overwriting all pre-existing defaults with deny.
Kind regards
Philipp Kern
Reply to: