Content Security Policy - application/pdf?


So I’m embedding a PDF from a json response into an object tag after it’s successful and I check for errors (since parameters are being passed to it to populate it)… however, I get this in my console log… how do I allow application/pdf into object-src?

[Report Only] Refused to load plugin data from ‘data:application/pdf;base64,JVBERi0xLjQKJeLjz9MKMyAwIG9iago8PC9UeXBlIC9QYWd…QxOGNmN2VhNjZhNmQ4MjBkMTg4MDg2ZjBjYzA1Pl0KPj4Kc3RhcnR4cmVmCjQ5MjUxCiUlRU9G’ because it violates the following Content Security Policy directive: “object-src”.

Thank you for any help!

#2 This got rid of my error:

'object-src': "data:"