Support » Plugin: PDF.js Viewer » Got a security defender warning on the PDF screen

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Author Thomas McMahon

    (@twistermc)

    Microsoft Defender seems to have issues and I’m not sure why. I assume this is a core issue with PDF.js but I can’t confirm that. I do know it doesn’t affect everyone though. I wish I had a better answer but I’m not able to get any information from Microsoft Defender as to what the issue may be.

    Yeah, it’s really weird. It was working perfectly one minute then that message came up out of nowhere. Has this been a long term issue? Do you know if there will be a fix sometime in the near future? I think it’s a great plugin and would like to continue using it.

    Plugin Author Thomas McMahon

    (@twistermc)

    It’s new to the Chromium version of Edge. Not sure what’s going on.

    I’m going to post a bug to Mozilla’s site since it’s more than likely an issue with the core software.

    That makes a lot of sense. I was using Edge Chromium when the error appeared. I’d be very interested to hear Mozilla’s response on this one. Hopefully it will be resolved soon! Thanks for the update.

    Plugin Author Thomas McMahon

    (@twistermc)

    On another thread, the hypothesis is that Edge is crawling all the links in the PDF. If one of those links looks like a security concern, it’ll pop-up the warning. Even if your site is loading via https and one of the links in the PDF is to an http site.

    Does the PDF you’re loading have links in it? Can you try a PDF without links?

    The PDFs tested dont have any links in them at all. I will try uploading a blank document and see what happens however and report back.

    i have the same problem

    Plugin Author Thomas McMahon

    (@twistermc)

    @biotrace did you try a blank PDF?

    bt_dev

    (@biotrace)

    Sorry for the late reply. Yes, we did try a blank PDF but unfortunately the Windows Defender issue still occurred.

    We have since opted for an alternative solution so am unsure if this plugin still has the issue.

    Plugin Author Thomas McMahon

    (@twistermc)

    I’m not sure why Microsoft is doing this. I have seen the issue, but Microsoft doesn’t give me any details. Plus they don’t do it all the time. I’ll keep digging.

    aakash.sky

    (@aakashsky)

    The problem comes because of the double URL:
    https://mysite.com/wp-content/plugins/pdfjs-viewer-shortcode/pdfjs/web/viewer.php?file= https://mysite.com/wp-content/uploads/2020/07/myfile.pdf&dButton=true&pButton=true&oButton=false&v=1.5.1#zoom=auto

    Microsoft picks this up a security issue because it is, you are on one domain pulling content from another (it’s just they’re the same domain but they could be different as far as defender is concerned).

    If the base URL is removed from the file the security warning goes away:
    https://mysite.com/wp-content/plugins/pdfjs-viewer-shortcode/pdfjs/web/viewer.php?file= /wp-content/uploads/2020/07/myfile.pdf&dButton=true&pButton=true&oButton=false&v=1.5.1#zoom=auto

    Why is the base URL being included, can this be fixed it is not required.

    Hi!

    I’m having the same issue with Microsoft Edge. If removing the base URL as @aakashsky suggested, a warning message still appears, not on the PDF viewer itself but still, on the URL bar of the site.

    I have suscribed to this thread, in case someone finds a solution.

    Best,

    A.Sph

    Plugin Author Thomas McMahon

    (@twistermc)

    Fantastic find @aakashsky. I find it odd that Microsoft can’t see that the URLs are the same, but I can look into making it relative and see if that helps people.

Viewing 13 replies - 1 through 13 (of 13 total)
  • You must be logged in to reply to this topic.