Trying to load different content (PDF, SWF, etc.) in an 'iframe' through JavaScript in a Chrome extension application. The content is loaded using the data URL scheme as:
// This JavaScript is registered in the HTML file, and LoadFunction is registered inside the DOMContentLoaded event on the click of a button.
function LoadFunction()
{
    // 'base64 encoded data' stands for the base64 data received from a C++ class
    window.parent.document.getElementById(page_data).src = 'data:application/pdf;base64,' + 'base64 encoded data';
}
But as soon as the above function is called, a Content Security Policy error is raised:
Refused to load plugin data from 'data:application/pdf;base64,JVBERi0xLjQNCiXi48/TDQoxIDAgb2JqDQo8PA0KL1R5cGU…mRvYmoNCjkgMCBvYmoNCjw8DQovVHlwZSAvRm9udA0KL1N1YnR5cGUgL1R5cGUxDQovQmFzZUZ' because it violates the following Content Security Policy directive: default-src 'self'
But surprisingly, this error is NOT raised when the data URL is changed to 'data:image/png;base64,' + 'base64 encoded data'; the image gets loaded into the iframe successfully.
As far as I know, this error is raised only when inline code is executed directly in the HTML file, but this isn't the case here, and if that is the case, then why does it not get raised for image files?
Also, if I try setting the Content Security Policy in the manifest.json file as:
content_security_policy: script-src 'self'; object-src 'self' ; frame-src 'self' data:
then the error changes to:
Refused to load plugin data from 'data:application/pdf;base64,' because it violates the following Content Security Policy directive: object-src 'self'
So probably object-src needs to be set, but I'm not sure what it should be.
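
Added example, not part of the original post: a simplified model of how CSP picks the fetch directive for a load and matches a data: URL against it, run on the two policies quoted above. The function names, the extension origin and the short data: URL are constructed for illustration, and the first policy is assumed to contain only the directive named in the first error message.

```javascript
// Simplified model of CSP fetch-directive selection and source matching.
// Only 'self' and scheme-sources (such as data:) are modelled; any other
// source expression is treated as not matching.

// Fallback chains defined by the CSP specification.
const FALLBACK = {
  plugin: ['object-src', 'default-src'],
  frame: ['frame-src', 'child-src', 'default-src'],
};

// Policies quoted in the question (the first one only as far as the error shows it).
const POLICY_FROM_ERROR = "default-src 'self'";
const POLICY_FROM_MANIFEST = "script-src 'self'; object-src 'self' ; frame-src 'self' data:";

// Constructed sample values, not taken from the page.
const SELF_ORIGIN = 'chrome-extension://exampleextensionid';
const PDF_DATA_URL = 'data:application/pdf;base64,JVBERi0xLjQ=';

function parsePolicy(text) {
  const policy = new Map();
  for (const part of text.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Skip empty parts; a repeated directive keeps its first occurrence.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

function checkLoad(policyText, kind, url, selfOrigin) {
  const policy = parsePolicy(policyText);
  // The first directive in the chain that the policy defines is the one enforced.
  const directive = FALLBACK[kind].find((d) => policy.has(d)) || null;
  if (directive === null) return { allowed: true, directive };
  const scheme = url.slice(0, url.indexOf(':') + 1).toLowerCase();
  const allowed = policy.get(directive).some((src) => {
    if (src === "'self'") return url.startsWith(selfOrigin + '/'); // never a data: URL
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return scheme === src.toLowerCase();
    return false;
  });
  return { allowed, directive };
}

for (const p of [POLICY_FROM_ERROR, POLICY_FROM_MANIFEST]) {
  console.log(p, '=>', checkLoad(p, 'plugin', PDF_DATA_URL, SELF_ORIGIN),
    checkLoad(p, 'frame', PDF_DATA_URL, SELF_ORIGIN));
}
```

Under the manifest policy the frame check passes on frame-src while the plugin check still fails on object-src, which matches the directive named in the second error message.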