On 03/23/2017 11:40 PM, Jerome Charaoui wrote: > Pollito not understand why Chromium Content Security Policy squawking, > so suggest Firefox or wget to download.
It seems surprisingly hard to find a rationale for this quickly, but I suppose that's because these two HTTP response headers are conflicting: Content-Security-Policy: default-src 'none' Content-Disposition: inline; filename="canadian_pollito.pdf" The CSP seems to disallow inline content (but refers to styles and scripts, not embedded files; but maybe that's actually the same thing) by overwriting all pre-existing defaults with deny. Kind regards Philipp Kern _______________________________________________ Debconf-discuss mailing list [email protected] http://lists.debconf.org/mailman/listinfo/debconf-discuss
