I have this in my CSP key in web.config, frame-src 'self' blob: *.xxx.com *.xxx.com; and other things too like default-src , img-src and all but still while retrieving the image or pdf, I am getting error in console
Refused to frame 'blob:(the URL)' because it violates the following Content Security Policy directive: "frame-src *.xxx.com *.xxx.cn".
Any help would be highly appreciated.
The frame-src directive that you give is different from the one presented in the error message. This likely means that you have multiple CSPs defined. While your content passes "frame-src 'self' blob: *.xxx.com *.xxx.com", it is blocked by "frame-src *.xxx.com *.xxx.cn". Check your response headers and meta tags for all CSPs and remove/modify your policies to serve one working header.