https://community.dynatrace.com/t5/Developer-Q-A-Forum/Downloading-blocked-by-CSP/m-p/261972#M1140 <P>Hello,</P><P>In a custom App, I retrieve some JSON content from an API, and I want the user to be able to download a JSON file of this data.</P><P>I tried a few things like this :</P><P>&nbsp;</P><LI-CODE lang="javascript"> const downloadTxtFile = () =&gt; { const texts = ["line 1", "line 2", "line 3"]// file object const file = new Blob(texts, { type: 'text/plain' });// anchor link const element = document.createElement("a"); element.href = URL.createObjectURL(file); element.download = "100ideas-" + Date.now() + ".txt";// simulate link click document.body.appendChild(element); // Required for this to work in FireFox element.click(); }</LI-CODE><P>&nbsp;</P><P>&nbsp;But each time I got a CSP error :</P><P>&nbsp;</P><LI-CODE lang="markup">Content-Security-Policy : Les paramètres de la page ont empêché le chargement d’une ressource (frame-src) à l’adresse blob:http://localhost:3000/c967a477-517c-4a45-b661-0db72d23a37a car elle enfreint la directive suivante : « frame-src 'self' https://{environmentid}.live.dynatrace.com https://sso.dynatrace.com https://chat-one.dynatrace.com https://dev.access-approval.internal.dynatracelabs.com https://hardening.access-approval.internal.dynatracelabs.com https://access-approval.internal.dynatrace.com http://localhost:3000 »</LI-CODE><P>&nbsp;</P><P>I tried to change the CSP rules, but it didn't work and according to <A href="https://developer.dynatrace.com/develop/security/configure-csp-rules/" target="_self">this</A> it might not be possible to change frame-src.</P><P>&nbsp;</P><P>Is there an alternative approach to allow file downloads without running into CSP restrictions?</P> Fri, 08 Nov 2024 14:06:15 GMT Auriane 2024-11-08T14:06:15Z https://community.dynatrace.com/t5/Developer-Q-A-Forum/Downloading-blocked-by-CSP/m-p/261972#M1140 <P>Hello,</P><P>In a custom App, I retrieve some JSON content from an API, and I want the user to be able to download a JSON file of this data.</P><P>I tried a few things like this :</P><P>&nbsp;</P><LI-CODE lang="javascript"> const downloadTxtFile = () =&gt; { const texts = ["line 1", "line 2", "line 3"]// file object const file = new Blob(texts, { type: 'text/plain' });// anchor link const element = document.createElement("a"); element.href = URL.createObjectURL(file); element.download = "100ideas-" + Date.now() + ".txt";// simulate link click document.body.appendChild(element); // Required for this to work in FireFox element.click(); }</LI-CODE><P>&nbsp;</P><P>&nbsp;But each time I got a CSP error :</P><P>&nbsp;</P><LI-CODE lang="markup">Content-Security-Policy : Les paramètres de la page ont empêché le chargement d’une ressource (frame-src) à l’adresse blob:http://localhost:3000/c967a477-517c-4a45-b661-0db72d23a37a car elle enfreint la directive suivante : « frame-src 'self' https://{environmentid}.live.dynatrace.com https://sso.dynatrace.com https://chat-one.dynatrace.com https://dev.access-approval.internal.dynatracelabs.com https://hardening.access-approval.internal.dynatracelabs.com https://access-approval.internal.dynatrace.com http://localhost:3000 »</LI-CODE><P>&nbsp;</P><P>I tried to change the CSP rules, but it didn't work and according to <A href="https://developer.dynatrace.com/develop/security/configure-csp-rules/" target="_self">this</A> it might not be possible to change frame-src.</P><P>&nbsp;</P><P>Is there an alternative approach to allow file downloads without running into CSP restrictions?</P> Fri, 08 Nov 2024 14:06:15 GMT https://community.dynatrace.com/t5/Developer-Q-A-Forum/Downloading-blocked-by-CSP/m-p/261972#M1140 Auriane 2024-11-08T14:06:15Z https://community.dynatrace.com/t5/Developer-Q-A-Forum/Downloading-blocked-by-CSP/m-p/262056#M1145 <P>Hi Auriane,&nbsp;</P> <P>I'll update you soon with a better answer. For now, can you try to do<SPAN>&nbsp;a workaround which is to create an iframe with a download link instead of having it in the main document:</SPAN></P> <P>Some explanation: <A href="https://github.com/Shopify/shopify-app-bridge/issues/11#issuecomment-710605337" target="_blank" rel="noopener">https://github.com/Shopify/shopify-app-bridge/issues/11#issuecomment-710605337</A></P> <PRE class="language-javascript"><CODE>function downloadBlobFile(file) { const blobUrl = URL.createObjectURL(file); const iframe = document.createElement('iframe'); iframe.style.display = 'none'; iframe.addEventListener('load', () =&gt; { const a = iframe.contentDocument.createElement('a'); a.href = blobUrl; a.download = file.name; iframe.contentDocument.body.appendChild(a); a.click(); }) document.body.appendChild(iframe); setTimeout(() =&gt; { document.body.removeChild(iframe); }, 1000); } const file = new File(['Hello, world!'], "aaa.json",{type: 'application/json'}); downloadBlobFile(file);</CODE></PRE> <P>&nbsp;</P> Mon, 11 Nov 2024 12:44:34 GMT https://community.dynatrace.com/t5/Developer-Q-A-Forum/Downloading-blocked-by-CSP/m-p/262056#M1145 haris 2024-11-11T12:44:34Z https://community.dynatrace.com/t5/Developer-Q-A-Forum/Downloading-blocked-by-CSP/m-p/262134#M1150 <P>It works !</P><P>Thank you</P> Tue, 12 Nov 2024 09:05:38 GMT https://community.dynatrace.com/t5/Developer-Q-A-Forum/Downloading-blocked-by-CSP/m-p/262134#M1150 Auriane 2024-11-12T09:05:38Z