Downloading "blob" blocked by Chrome

Sintel Jamie

unread,

Oct 17, 2024, 5:48:30 PM10/17/24

to Security-dev

Hi team,

Recently a javascript application is unable able to save generated file content in Chrome, it is “blocked by your organization”.

const blob = new Blob([xml], {type: 'application/xml'});

const href = URL.createObjectURL(blob);

const element = document.createElement('a')

element.href = href;

element.setAttribute('download', fileName);

element.click();

I am unable to find more information relating to this issue on the internet.

The javascript is initially served via https.

Does a “blob” with a “secure” base URL classify as insecure, and is now blocked?

How can such code work now?

Regards

Lily Chen

unread,

Oct 18, 2024, 12:23:11 AM10/18/24

to Sintel Jamie, Security-dev

Do you have an enterprise policy installed (check chrome://policy), such as DownloadRestrictions? That's usually how you get a "blocked by your organization" message.

The origin of a blob URL is supposed to be the same as that of the blob's creator.

Ashly Schwan

unread,

Oct 21, 2024, 5:42:55 PM10/21/24

to Security-dev

Hi team,

Recently a javascript application is unable able to save generated file content in Chrome, it is “blocked by your organization”.

const blob = new Blob([xml], {type: 'application/xml'});

const href = URL.createObjectURL(blob);

const element = document.createElement('a')

element.href = href;

element.setAttribute('download', fileName);

element.click();

I am unable to find more information relating to this issue on the internet.

The javascript is initially served via https.

Does a “blob” with a “secure” base URL classify as insecure, and is now blocked?

How can such code work now?

Regards

Peter

Sensitivity: C1 Public

The content of this e-mail is intended only for the confidential use of the person addressed.
If you are not the intended recipient, please notify the sender and delete this e-mail immediately.
Thank you.

Reply all

Reply to author

Forward