Hey, I am hosting a pdf on sanity and put it in a link on a webpage, recently I discovered that in safari it shows `Blocked plug-in` when clicking the link. This behavior...

I understand this is frustrating, especially since it's worked fine for 2 years and suddenly started causing issues in Safari. Based on your code example, this appears to be a Safari-specific behavior rather than a Sanity CDN issue.

The Sanity Asset CDN serves PDFs and other files reliably across browsers - it's built on Google's global CDN infrastructure and handles caching for files up to 5 TB. The fact that your PDF works in other browsers and that your comparison link (the bernina.com PDF) works fine in Safari suggests this is about how Safari is interpreting or handling the specific way the file is being served.

What's likely happening:

Safari's "Blocked Plug-in" message typically appears when Safari's security policies prevent certain types of embedded content from loading. This can be triggered by:

1. Content Security Policy (CSP) headers on your website that restrict where plugins/objects can load from
2. Safari's evolving security policies that have become stricter over time (which would explain why this is new behavior)
3. How the browser interprets the link when opening in a new tab with target="_blank"

Practical troubleshooting steps:

1. Check your website's Content Security Policy

If your website has CSP headers configured, Safari might be blocking the PDF because cdn.sanity.io isn't explicitly allowed. Check your server's response headers or meta tags for CSP directives. If you find them, you may need to add:

Content-Security-Policy: object-src 'self' https://cdn.sanity.io;

Or if you're using frame-src or default-src, ensure cdn.sanity.io is included there as well.

2. Test without target="_blank"

Try temporarily removing target="_blank" to see if opening in the same tab avoids Safari's blocking:

<a 
  href="https://cdn.sanity.io/files/m29pqcus/staging/d103fbd4191583b07c87301e18e1afd954e62348.pdf" 
  rel="noopener"
>
  Aktuelle Verhaltensregeln / Hygienemaßnahmen.
</a>

3. Check Safari's settings

Have both you and your aunt check Safari's settings:

• Go to Safari → Settings → Websites → Plug-ins
• Look for any blocked items related to PDFs or the specific domain
• Also check Settings → Websites → Pop-up Windows to ensure nothing is being blocked there

4. Consider a download attribute (with limitations)

You can try adding a download attribute to force a download instead of inline viewing:

<a 
  href="https://cdn.sanity.io/files/m29pqcus/staging/d103fbd4191583b07c87301e18e1afd954e62348.pdf" 
  download="verhaltensregeln.pdf"
  target="_blank" 
  rel="noopener"
>
  Aktuelle Verhaltensregeln / Hygienemaßnahmen.
</a>

Note that the download attribute may not work for cross-origin resources unless the server sends appropriate CORS headers, but it's worth testing.

Why this might be Safari-specific:

Safari has historically been more restrictive than Chrome or Firefox when handling cross-origin resources and embedded content. The Sanity CDN is working correctly - it's Safari's interpretation of how to handle that content that's causing the issue. The timing (new behavior after 2 years) aligns with Safari's regular security updates.

Next steps:

Start by checking for CSP headers on your site (option 1), as this is the most common cause of "Blocked Plug-in" errors. If you don't have access to server headers or that doesn't resolve it, testing without target="_blank" (option 2) will help narrow down whether it's specifically about new tab behavior. The Safari settings check (option 3) is worth doing to rule out user-level blocking.

If none of these resolve it, you might consider using a JavaScript PDF viewer library like PDF.js for a more controlled rendering experience that doesn't rely on Safari's native PDF handling.