From eeb42c6dde2c79ed1f1cb6263d55f38655a506bf Mon Sep 17 00:00:00 2001
From: Michael Wedl <michael@syslifters.com>
Date: Wed, 15 Jan 2025 10:10:22 +0100
Subject: [PATCH] Update CSP to fix PDF download in Firefox

---
 api/src/reportcreator_api/conf/settings.py | 3 ++-
 packages/frontend/nuxt.config.ts           | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/api/src/reportcreator_api/conf/settings.py b/api/src/reportcreator_api/conf/settings.py
index da15c211..fde21f36 100644
--- a/api/src/reportcreator_api/conf/settings.py
+++ b/api/src/reportcreator_api/conf/settings.py
@@ -429,9 +429,10 @@ def remove_empty_items(lst=None):
         'font-src': [SELF],
         'worker-src': [SELF],
         'connect-src': [SELF, 'data:', 'https://portal.sysreptor.com'],
-        'frame-src': [SELF],
         'frame-ancestors': [SELF],
         'form-action': [SELF],
+        # PDF.js in Firefox requires "blob:" for saving/downloading PDFs
+        'frame-src': [SELF, 'blob:'],
         # nuxt, vuetify and markdown preview use inline styles
         'style-src': [SELF, UNSAFE_INLINE],
         'script-src': [
diff --git a/packages/frontend/nuxt.config.ts b/packages/frontend/nuxt.config.ts
index 0c4009fe..f6b565a1 100644
--- a/packages/frontend/nuxt.config.ts
+++ b/packages/frontend/nuxt.config.ts
@@ -50,6 +50,9 @@ export default defineNuxtConfig({
     optimizeDeps: {
       include: ['vuedraggable', 'monaco-editor', '@github/webauthn-json/browser-ponyfill'],
     },
+    worker: {
+      format: 'es',
+    },
     server: {
       proxy: {
         '/api': {