Content Security Policy error using HTML5 PDF Printer

[Adam Sammut]

Hi all,

 

Just wondering if anyone has come across this issue when using the Receiver for HTML5 and the Citrix PDF Printer in Chrome.

 

Whenever we try to print using the Citrix PDF Printer in Chrome we receive the following error in the Chrome Console when the popup (that's meant to contain the PDF) appears...

 

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-.....'), or a nonce ('nonce-...') is required to enable inline execution.

Refused to load plugin data from 'blob:

https://FQDN/GUID

' because it violates the following Content Security Policy directive: "object-src 'self'".

 

We are running the following setup (upgraded from XenApp 7.9 and StoreFront 3.6 to XenApp 7.13 and StoreFront 3.9 in an effort to resolve the issue, but had no luck)...

 

NetScaler Gateway 10.5 XenApp 7.13 StoreFront 3.9 Citrix PDF Printer 7.11

 

Any suggestions would be greatly appreciated.

 

Thanks

 

[Shruthi Udayakumar]

Hi Adam,

 

There was an update with Google Chrome v.57 and PDF printing was broken with that.

This issue has been fixed in HTML5 Receiver v 2.4.

 

Please upgrade to the latest version of HTML5 Receiver and the installers can be downloaded from https://www.citrix.com/downloads/citrix-receiver/html5/receiver-for-html5-latest.html 

 

Regards

Shruthi U

[Shruthi Udayakumar]

Hi Adam,

 

What is the version of HTML5 Receiver used ? (You can check by expanding the in-session toolbar and then click on the more button then about button).

 

Does the tab opened containing PDF shows only white ? 

 

Regards

Shruthi U

[Adam Sammut]

Hi Shruthi,

 

We are using HTML5 Receiver version 2.3.0.328.

 

Yes when the tab opens it only shows white.

 

Thanks,

 

Adam

[Miroslav Blasko]

u need to add blob:   to default-src

 

 

"default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://localhost:* blob: data:"