Iframe issue due to Content Security Policy

This was an issue raised by our user (TIM) on Intercom.


I want to send a blob (PDF file created with jsPDF) from an Iframe (inside appsmith application) to the user. given the content security policy, this seems challenging, I can not ‘present’ the PDF file for download in the iframe AND I cannot send the pdf using parent.postMessage(newPdf.output(‘dataurl’). What would be a workaround for the content security policy within the iframe?


Previously, we did now allow blobs, but now, this issue will be automatically resolved.

Appsmith iframe allows the following:

(1) all hosts, (2) data URIs, and (3) blobs.