Adobe Embed API CSP Error Chrome 98 #65

Open
simionrobert opened this issue Aug 10, 2024 · 1 comment

simionrobert commented Aug 10, 2024

Expected Behaviour

Adobe PDF embed services should also work in older browser versions like Chrome 98.
In regard to this, the 'data:' element in the 'script-src' CSP HTTP header should exist.

Actual Behaviour

In Chrome version 98, the iframe generated by the Adobe Embed API (https://github.com/adobe/pdf-embed-api-samples/tree/master/More%20Samples/Angular%20Samples) throws the error:
Refused to load the script 'data:application/javascript;charset=utf-8;base64,Ly0...' because it violates the following Content Security Policy Directive: "script-src 'self' use.typekit.net ...".

Hence, the problem is that the 'data:' element in the 'script-src' CSP HTTP header is not included.
Below is the CSP HTTP header:
default-src 'none'; upgrade-insecure-requests; base-uri 'self'; form-action 'none'; script-src 'self' use.typekit.net assets.adobedtm.com www.adobe.com/marketingtech/ prod.adobeccstatic.com/utilnav/ widget.uservoice.com by2.uservoice.com/t2/ assets.adobe.com api.demandbase.com/api/v2/ip.json commerce.adobe.com; style-src 'self' 'unsafe-inline' use.typekit.net prod.adobeccstatic.com/utilnav/ assets.adobe.com; connect-src 'self' dc-api.adobe.io dc-api-v2.adobe.io p13n.adobe.io/fg/api/ sstats.adobe.com dpm.demdex.net viewlicense.adobe.io/viewsdklicense/ viewlicense.adobe.io/domainVerification/ viewlicense.adobe.io/variations/service_delivery_auth performance.typekit.net use.typekit.net p.typekit.net dc-api.adobecontent.io dc-api-v2.adobecontent.io by2.uservoice.com/t2/ pgc.adobe.io/api/discovery files.acrobat.com/api/base_uris *.adobesign.com/ *.documents.adobe.com/ cctypekit.adobe.io/v1/ bps-il.adobe.io/jil-api/users/ *.amazonaws.com commerce.adobe.com send.acrobat.com; img-src 'self' blob: data: about: p.typekit.net images.pexels.com/photos/ *.documents.adobe.com/ *.adobesign.com/ *.echosign.com; frame-src 'self' https://acrobat.uservoice.com/ *.documents.adobe.com/ commerce.adobe.com *.adobesign.com/ *.echosign.com; font-src 'self' use.typekit.net; child-src 'self'; report-uri https://dc-api.adobe.io/system/csp?source=viewsdkprod

Reproduce Scenario (including but not limited to)

Steps to Reproduce

  1. Install Chrome 98
  2. Build and run the project
  3. Open the website and view the PDF file

Platform and Version

Chrome 98
Angular 18

Sample Code that illustrates the problem

Logs taken while reproducing problem


dannycabrera commented Aug 15, 2024

Running into the same. Applied a content-security-policy meta tag which did not help. The weird part is that if I open Developer Tools, the PDF will load, so I'm not sure what Developer Tools is doing to allow it to load. Some additional context: I'm loading a base64 string client-side which is loaded into the adobeDCView object via a promise.

<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' https://use.typekit.net https://assets.adobedtm.com https://www.adobe.com/marketingtech/ https://prod.adobeccstatic.com/utilnav/ https://widget.uservoice.com https://by2.uservoice.com/t2/ https://assets.adobe.com https://api.demandbase.com/api/v2/ip.json https://commerce.adobe.com https://acrobatservices.adobe.com https://dc-api.adobe.io">
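
An added example (not code from this issue or from Adobe) that models the browser's decision for the blocked load: it checks a `data:` script URL against the `script-src` quoted in the issue, then with `data:` added, then alongside a second, looser policy, which cannot relax the first because every policy in force on a document must allow the load. The matcher is simplified (no nonces, hashes, ports or redirects), and the document origin, the base64 payload and the looser policy are constructed placeholders.

```javascript
// Added example: simplified CSP matching for script URLs (no nonces, hashes, ports).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function sourceMatches(source, url, docOrigin) {
  const src = source.toLowerCase();
  if (src === "'self'") return url.origin === docOrigin;
  if (src.startsWith("'")) return false; // 'none', 'unsafe-inline' etc. never match a URL
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src; // scheme-source, e.g. data:
  // Host-sources and * only match network schemes, so they can never admit a data: URL.
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  if (src === '*') return true;
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(\/.*)?$/i);
  if (!m) return false;
  const [scheme, host, path] = [m[1]?.toLowerCase(), m[2].toLowerCase(), m[3]];
  if (scheme && url.protocol !== scheme + ':') return false;
  const hostOk = host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
  if (!hostOk || !path) return hostOk;
  return path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
}

function allowsScript(policies, scriptUrl, docOrigin) {
  const url = new URL(scriptUrl);
  // Every policy in force must allow the load; an extra policy can only tighten the result.
  return policies.every((policy) => {
    const d = parseCsp(policy);
    const sources = d.get('script-src-elem') ?? d.get('script-src') ?? d.get('default-src');
    return sources === undefined || sources.some((s) => sourceMatches(s, url, docOrigin));
  });
}

// default-src and script-src as quoted in the issue's header; the other values are constructed.
const HEADER_POLICY = "default-src 'none'; script-src 'self' use.typekit.net assets.adobedtm.com www.adobe.com/marketingtech/ prod.adobeccstatic.com/utilnav/ widget.uservoice.com by2.uservoice.com/t2/ assets.adobe.com api.demandbase.com/api/v2/ip.json commerce.adobe.com";
const WITH_DATA = HEADER_POLICY.replace("script-src 'self'", "script-src 'self' data:");
const DATA_SCRIPT = 'data:application/javascript;charset=utf-8;base64,Ly8=';
const DOC_ORIGIN = 'https://viewer.example';

console.log({
  headerOnly: allowsScript([HEADER_POLICY], DATA_SCRIPT, DOC_ORIGIN), // false
  headerWithData: allowsScript([WITH_DATA], DATA_SCRIPT, DOC_ORIGIN), // true
  headerPlusLooser: allowsScript([HEADER_POLICY, "script-src * data:"], DATA_SCRIPT, DOC_ORIGIN), // false
});
```

`data:` is a scheme-source, so once it is listed in `script-src` it admits every `data:` script URL, not only the one the viewer generates.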
