For enhanced security, starting with Firefox 82, downloads initiated in an
<iframe> with the
sandbox attribute will be blocked by default. In order to allow such downloads, the embedder has to opt in by explicitly adding the
allow-downloads token to the HTML attribute or CSP
Google has already made the same change in Chrome 83 shipped in May 2020.