File download in embedded app not allowed due to Content Security Policy

shevchenko

Hello,

I am a developer behind the application Customs Buddy. This application helps merchants to generate commercial invoices based on their orders. After an invoice is generated, the merchant can download it as a PDF.

But I am facing one limitation. I am not able to trigger a download of a PDF file with <a href="blob://" download>Download</a>. This happens due to a Content-Security-Policy setting, which arrives when the URL "[store].myshopify.com/admin/apps/commercial-invoice-staging" is requested.

My question (ask) is if this is possible to either:

In my opinion, application developers will only benefit from such a change and I do not see any potential security issues that this change can cause.

(As a current workaround, I have to open the PDF in a new tab, where the merchant has to download it via the browser PDF viewer; unfortunately, not the best user experience.)

Thanks a lot,
Viktor

nvent97

Hello Shevchenko, I am currently facing the same error on a Shopify application. Were you able to fix it, or did you find any other solution?

Thanks in advance!

shevchenko

Hi, still using a workaround. This issue has to be pushed further to Shopify developers, but I do not have time to do it now.