I'm trying to show a base64 PDF that I get through a GET request, but for some reason it gets blocked in Chrome for the following reason, or at least I think it gets blocked because of this, since I see an error in the console stating the following:
Unrecognized Content-Security-Policy directive 'reflected-xss'.
When I check my logs, I see that the PDF is correctly formatted in base64, because decrypting it results in the PDF, but Chrome just doesn't want to open it.
In the response header I do see the following:
Content-Security-Policy:reflected-xss block
Content-Type:application/pdf
However, I'm not too familiar with this, so any idea how I go about this to make this work? Or can anyone at least tell me why I'm getting that?
I do notice that when I try another PDF it works, but that the response header for the one that works has Connection:keep-alive?
Entering my own answer to this question so that it has an official one (after all this time): As per my comment, the root cause was that the way I created the header to send the PDF to the front end was badly formed. It got blocked by my company's F5 firewall.
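A triage check for this situation, as an added example that is not part of the original question or answer: it parses the two response header lines quoted in the question, lists CSP directive names outside an allowlist, and confirms whether a base64 body decodes to PDF magic bytes. The allowlist, the function names and the sample body are assumptions constructed for illustration.

```javascript
// Assumed allowlist for this example (common CSP directive names); it is not
// Chrome's own list. 'reflected-xss' is deliberately absent.
const KNOWN_DIRECTIVES = new Set([
  "default-src", "script-src", "style-src", "img-src", "font-src",
  "connect-src", "media-src", "object-src", "frame-src", "child-src",
  "worker-src", "manifest-src", "base-uri", "form-action", "frame-ancestors",
  "sandbox", "report-uri", "report-to", "upgrade-insecure-requests",
]);

// Parse raw "Name:value" lines (as copied from DevTools) into a lower-cased map.
function parseHeaders(rawLines) {
  const headers = new Map();
  for (const line of rawLines) {
    const idx = line.indexOf(":");
    if (idx < 1) continue; // not a header line
    headers.set(line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim());
  }
  return headers;
}

// Directive names in a CSP value that are not in the allowlist.
function unknownCspDirectives(cspValue) {
  return (cspValue || "")
    .split(/[;,]/) // ';' separates directives, ',' separates policies
    .map((d) => d.trim().split(/\s+/)[0].toLowerCase())
    .filter((name) => name && !KNOWN_DIRECTIVES.has(name));
}

// True when the payload is valid base64 and decodes to the PDF magic "%PDF-".
function isBase64Pdf(b64) {
  try {
    return atob(b64.replace(/\s+/g, "")).startsWith("%PDF-");
  } catch {
    return false; // not valid base64, e.g. an HTML block page from a proxy
  }
}

function diagnose(rawHeaderLines, bodyB64) {
  const h = parseHeaders(rawHeaderLines);
  const type = (h.get("content-type") || "").split(";")[0].trim().toLowerCase();
  return {
    unknownCsp: unknownCspDirectives(h.get("content-security-policy")),
    contentTypeIsPdf: type === "application/pdf",
    bodyIsPdf: isBase64Pdf(bodyB64),
  };
}

// Header lines from the question; the body is a constructed stand-in PDF stub.
const QUESTION_HEADERS = ["Content-Security-Policy:reflected-xss block", "Content-Type:application/pdf"];
const SAMPLE_BODY = btoa("%PDF-1.4\n%%EOF\n");
console.log(diagnose(QUESTION_HEADERS, SAMPLE_BODY));
```

Browsers ignore CSP directives they do not recognize, so a non-empty `unknownCsp` explains the console message; a false `bodyIsPdf` on the failing response points at the body or an intermediary rewriting it.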