Hello!
One of my functionalities of my custom app is to show a PDF from a URL based on the ticket, but whether I use the <embed> tag or the <iframe> tag to show the PDF, it does not load in my chrome browser. When using an <embed> tag I get the following error:
"Failed to load as a plugin, because the frame into which the plugin is loading is sandboxed"
When using the <iframe> for pdf, it doesn't give an error in the console but it doesn't load at all.
Hey Julian,
I'm not 100% sure what could be causing the error but a Google search returns a few results suggesting content security policy as a possible culprit. Here's a link to the docs; there's a few threads on Stack overflow that you might find helpful, as well.
Out of curiosity, is it only on chrome that you're seeing this behaviour?
Hi Tipene,
We had tried modifying alot of CSP headers, as well as iFrame sandbox attributes, but if I had to guess I would say I think its inherently due to the sandbox nature of Zendesk iFrame.
It worked on chrome mobile, and on some other browsers, but not chrome desktop.
Eventually we had to resort to rendering the pdf within html itself using a 3rd party package, we could not find another workaround to just use an iframe or an embed/object tag for the pdf
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Yeah I think you're right. While CSP directives would result in the PDF blocked if they were present, the sandbox attributes would result in the same result whether or not CSP is implemented. It appears that this is a problem specific to chrome browsers - I've run a few tests in firefox and safari and the iframe'd PDFs are loading as expected, as long as CSP headers aren't present.
Unfortunately we don't have any control of the way chrome implements the sandbox rules so I think a workaround such as the one you mentioned is probably your best course of action here.