Issues with Content Security Policy

Hello, I've been a user of PDF Annotate for a while, thank you so much for developing it! I tried today to install it and got an error while trying to open a PDF

  • NC version: 22.2.5
  • pdfannotate version 0.0.10

When clicking a PDF I have this message:

PDF.js v2.0.943 (build: dc98bf76)
Message: Setting up fake worker failed: "Cannot load script at: https://test2.girofle.cloud/apps/pdfannotate/3rdparty/pdfjs/build/pdf.worker.js?v=0.0.10".

Capture_d_écran_du_2022-09-15_10-01-51

Permissions of the pdfannotate are correct and I can access the pdf.worker.js from the same browser. Firefox inspector shows: Content Security Policy: Les paramètres de la page ont empêché le chargement d’une ressource à https://test2.girofle.cloud/apps/pdfannotate/3rdparty/pdfjs/build/pdf.worker.js?v=0.0.10 (« script-src »).

The CSP of the main page are: content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-cEFySk9yVFd2WjFac1A3a1E1ckdSSml4UFN0dnJraXNZZGQ4QTM5Z3RIST06OUQvL1h2T0E2ZXNEOWIrbWNmZVZLOXY0Q3hvTmhRcklDcFl4TWhja255UT0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: stun.nextcloud.com:443 wss://test2.girofle.cloud;media-src 'self' blob:;frame-src 'self';child-src blob: 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self'

As I understand, each Nextcloud app maintains its own CSP, this is why I am posting. More Firefox debug logs:

Capture_d_écran_du_2022-09-15_10-07-00

Capture_d_écran_du_2022-09-15_10-06-40

Any pointer will be greatly appreciated!

Edited by Royal Kitten