Downloading "blob" blocked by Chrome

338 views
Skip to first unread message

Sintel Jamie

unread,
Oct 17, 2024, 5:48:30 PM10/17/24
to Security-dev

Hi team,

 

Recently a javascript application is unable able to save generated file content in Chrome, it is “blocked by your organization”.

 

      const blob = new Blob([xml], {type: 'application/xml'});

      const href = URL.createObjectURL(blob);

      const element = document.createElement('a')

      element.href = href;

      element.setAttribute('download', fileName);

      element.click();

 

I am unable to find more information relating to this issue on the internet.

The javascript is initially served via https. 

Does a “blob” with a “secure” base URL classify as insecure, and is now blocked?

How can such code work now?

 

Regards

Lily Chen

unread,
Oct 18, 2024, 12:23:11 AM10/18/24
to Sintel Jamie, Security-dev
Do you have an enterprise policy installed (check chrome://policy), such as DownloadRestrictions? That's usually how you get a "blocked by your organization" message.

The origin of a blob URL is supposed to be the same as that of the blob's creator.

Ashly Schwan

unread,
Oct 21, 2024, 5:42:55 PM10/21/24
to Security-dev

Hi team,

 

Recently a javascript application is unable able to save generated file content in Chrome, it is “blocked by your organization”.

 

      const blob = new Blob([xml], {type: 'application/xml'});

      const href = URL.createObjectURL(blob);

      const element = document.createElement('a')

      element.href = href;

      element.setAttribute('download', fileName);

      element.click();

 

I am unable to find more information relating to this issue on the internet.

The javascript is initially served via https. 

Does a “blob” with a “secure” base URL classify as insecure, and is now blocked?

How can such code work now?

 

Regards

Peter

 


Sensitivity: C1 Public

The content of this e-mail is intended only for the confidential use of the person addressed.
If you are not the intended recipient, please notify the sender and delete this e-mail immediately.
Thank you.

Reply all
Reply to author
Forward
0 new messages