How can I help you?
Permissions and Security in React PDF Viewer
4 Mar 20261 minute to read
Purpose
This page provides a concise security overview and recommended controls when using the EJ2 React PDF Viewer. It summarizes server-side and client-side measures to protect sensitive PDF content while using the viewer in web applications.
Key recommendations
- Enforce protections on the server: Perform encryption, permission flags, redaction, metadata stripping, and form flattening before serving files.
- Treat viewer UI settings as UX controls: Disabling print, download, or text-selection in the viewer improves user experience but is not a security boundary unless the underlying PDF enforces permissions.
- Use short-lived, authenticated access: Serve PDFs via tokenized endpoints or signed URLs rather than public buckets.
- Log and monitor access: Track downloads, apply rate limits, and enforce CORS and auth checks on PDF endpoints.
Quick actions
- Set PDF permissions (copy/print) using server-side PDF libraries before delivery.
- Remove embedded files, scripts, and metadata during preprocessing.
- Flatten form fields and sanitize form data when publishing public documents.
- Hide or disable viewer UI elements for additional UX control.