Liviu: the reported problem is the PDF is served with a Content-Security-Policy: header (from a web server, not local). The remote PDF loaded by your testcase does not have one.
Bug 1582115 Comment 4 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Liviu: the reported problem is the PDF is served with a `Content-Security-Policy:` header (from a web server, not local). The remote PDF loaded by your testcase does not have one.