This is a topic that really threw me for a loop – I have an application which displays a receipt, but it was unable to display it properly. The issue was that my application is running on Domain A (mia.web-performance.ch) and the store that created the receipt is running on Domain B (pia.web-performance.ch). Whenever you clicked the link to view the PDF, you got a blocked page instead.
I spent quite some time searching for answers online, but unfortunately, most of the results I found were unhelpful and didn’t provide any real solutions.
The error I’m facing is ERR_BLOCKED_BY_CLIENT in Chrome. This was very unexpected, as I don’t think I had come across “just” clicking a link causing me such an issue before.
pia.web-performance.ch is blocked
This page has been blocked by Chrome
ERR_BLOCKED_BY_CLIENT
You can see the error as I click on the link.
The crucial fix was adding the “sandbox allow-popups-to-escape-sandbox” directive to the Content Security Policy (CSP). This fixed the issue, and the change was made on the originating web server, not on the system hosting the PDF.
You can see for yourself here: CSP crazyness “sandbox allow-popups-to-escape-sandbox” and target=”_blank” with pdf
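
As an added example (not code from the original post), the following check reads a Content-Security-Policy header value and reports whether a window opened from that page, such as a target="_blank" link to a PDF, is blocked, inherits the sandbox, or escapes it. The function names and the sample headers are constructed for illustration, and the check assumes the policy also carries allow-popups, which the HTML sandbox rules require before any new window can open.

```javascript
// Added example: classify how a CSP header's sandbox directive affects
// windows opened from the page (e.g. <a target="_blank"> pointing at a PDF).

// Return the sandbox tokens of one policy, or null if it has no sandbox directive.
function sandboxTokens(policy) {
  for (const directive of policy.split(";")) {
    const [name, ...tokens] = directive.trim().split(/\s+/);
    // CSP uses the first occurrence of a directive; later duplicates are ignored.
    if (name.toLowerCase() === "sandbox") {
      return new Set(tokens.map((t) => t.toLowerCase()));
    }
  }
  return null;
}

// headerValue may hold several comma-separated policies; a sandbox flag is
// lifted only if every policy that contains "sandbox" lifts it.
function popupBehaviour(headerValue) {
  const sets = headerValue.split(",").map(sandboxTokens).filter((s) => s !== null);
  if (sets.length === 0) return "not-sandboxed";
  const allowed = (token) => sets.every((s) => s.has(token));
  if (!allowed("allow-popups")) return "popups-blocked";
  return allowed("allow-popups-to-escape-sandbox")
    ? "popup-escapes-sandbox"
    : "popup-inherits-sandbox";
}

// Constructed sample headers for the page that holds the link (not from the post).
const samples = {
  before: "default-src 'self'; sandbox allow-scripts allow-same-origin allow-popups",
  after:
    "default-src 'self'; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox",
};
for (const [label, header] of Object.entries(samples)) {
  console.log(label, "->", popupBehaviour(header));
}
```

A result of popup-escapes-sandbox means the opened document runs without the opener's sandbox restrictions, so the token is best granted only on pages whose outbound links point at destinations you trust.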