Redmine

Hello, recently an issue arised that attachment downloads (for instance PDF) don't work using Safari.

There is an error message in the Javascript console:

Blocked script execution in 'https://redmine.test.domain/attachments/download/1234/letter.pdf' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

It is triggered by the CSP in app/controllers/attachments_controller.rb

headers['content-security-policy'] = "default-src 'none'; style-src 'unsafe-inline'; sandbox"

but is not affecting Firefox or Chrome so it might be a Safari Bug.

Redmine: 5.1.1
Mac OS Version: Sonoma
Safari Version: 17.4.1