feat: PDFs not rendering inside iframe/object due to sandbox restrictions #6263

Closed
opened 2025-11-11 16:49:35 -06:00 by GiteaMirror · 4 comments
Originally created by @agoston-huszka-wespeakai on GitHub (Aug 29, 2025).

Check Existing Issues

  • I have searched the existing issues and discussions.

Problem Description

I’m unable to render PDFs inline within OpenWebUI.

Using <object>:

```
<object data="/static/exports/pdfs/example.pdf" type="application/pdf" width="800" height="600"></object>
```

Error: Failed to load '<base_path>/static/exports/pdfs/example.pdf' as a plugin, because the frame into which the plugin is loading is sandboxed.

Using <iframe>:

```
<iframe src="/static/exports/pdfs/example.pdf" width="100%" height="600px"></iframe>
```

Error: This page has been blocked by Chrome

The file is accessible directly if I open /static/exports/pdfs/example.pdf in a new tab, so the PDF itself is fine — it just cannot be embedded in the UI.

Desired Solution you'd like

I’d like to be able to display PDFs inline in the artifacts/preview panel, either via <object> or <iframe>.

Possible approaches:

  • Adjusting the sandbox attributes on the iframe to allow PDF plugins.
  • Ensuring headers like X-Frame-Options or Content-Security-Policy aren’t blocking inline PDF rendering.
  • (Alternatively) providing an OpenWebUI-native way to embed PDFs (similar to SVG rendering).

Alternatives Considered

No response

Additional Context

No response

@rgaricano commented on GitHub (Aug 29, 2025):

userSettings/Interface/Artifacts - Check iframe sandbox options


@agoston-huszka-wespeakai commented on GitHub (Aug 29, 2025):

Thanks, I checked the suggested settings and both

iframe Sandbox Allow Same Origin
iframe Sandbox Allow Forms

are set to ON, but the issue remains the same — the PDF is still not rendering inside <iframe> or <object>

@rgaricano commented on GitHub (Aug 29, 2025):

I had some changes on my end regarding iframe rendering, I'll PR them briefly.

Right now, if you want to make it work with a quick fix:
Replace
https://github.com/open-webui/open-webui/blob/2407d9b905978d68619bdce4021e424046ec8df9/src/lib/components/chat/Messages/Markdown/HTMLToken.svelte#L81
by

```
sandbox="allow-scripts allow-downloads{($settings?.iframeSandboxAllowForms ?? false)
        ? ' allow-forms'
        : ''}{($settings?.iframeSandboxAllowSameOrigin ?? false) ? ' allow-same-origin' : ''}"
```

and rebuild

@tjbck commented on GitHub (Aug 31, 2025):

Intended behaviour due to security issue, we'll explore ways to display pdfs natively.
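
Added example, not part of the thread and not Open WebUI's code: the sketch below rebuilds the `sandbox` value from the two settings discussed above, following the quick-fix expression, and audits the token set for entries that are not sandbox keywords and for the `allow-scripts` plus `allow-same-origin` combination. The function names `buildSandbox` and `auditSandbox` and the severity labels are assumptions made for illustration.

```javascript
// Added example; buildSandbox and auditSandbox are hypothetical names.
// Sandbox keywords listed in the HTML Standard.
const KNOWN_TOKENS = new Set([
  'allow-downloads', 'allow-forms', 'allow-modals', 'allow-orientation-lock',
  'allow-pointer-lock', 'allow-popups', 'allow-popups-to-escape-sandbox',
  'allow-presentation', 'allow-same-origin', 'allow-scripts',
  'allow-top-navigation', 'allow-top-navigation-by-user-activation',
  'allow-top-navigation-to-custom-protocols',
]);

// Same logic as the quick-fix expression in the thread: two fixed tokens,
// plus one optional token per user setting.
function buildSandbox(settings) {
  let value = 'allow-scripts allow-downloads';
  if (settings?.iframeSandboxAllowForms ?? false) value += ' allow-forms';
  if (settings?.iframeSandboxAllowSameOrigin ?? false) value += ' allow-same-origin';
  return value;
}

function auditSandbox(value) {
  // Keywords are whitespace-separated and compared case-insensitively.
  const tokens = new Set(value.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
  const findings = [];
  for (const token of tokens) {
    if (!KNOWN_TOKENS.has(token)) {
      findings.push({ level: 'info', token, note: 'not a sandbox keyword in the HTML Standard' });
    }
  }
  if (tokens.has('allow-scripts') && tokens.has('allow-same-origin')) {
    findings.push({
      level: 'high',
      token: 'allow-scripts + allow-same-origin',
      note: 'framed content sharing the embedder origin can script the parent and remove the sandbox',
    });
  }
  if (tokens.has('allow-top-navigation')) {
    findings.push({ level: 'medium', token: 'allow-top-navigation', note: 'framed content can navigate the top-level page' });
  }
  return findings;
}

// Constructed sample input: both settings from the thread switched ON.
const sample = buildSandbox({ iframeSandboxAllowForms: true, iframeSandboxAllowSameOrigin: true });
console.log(sample);
console.log(auditSandbox(sample));
```
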


Reference: github-starred/open-webui#6263