Documentation Frames Broken by Content-Security-Policy
rob-vince opened this issue · 1 comments
rob-vince commented
The How to Use tab on the OWASP Java Encoder site has a link to org.owasp.Encode class methods for browsing the documentation.
Following the link results in two blank frames and these errors in the console:
Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
index.html:63 Refused to frame 'https://owasp.org/owasp-java-encoder/encoder/apidocs/allclasses-frame.html' because it violates the following Content Security Policy directive: "frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com".
index.html:64 Refused to frame 'https://owasp.org/owasp-java-encoder/encoder/apidocs/org/owasp/encoder/package-summary.html' because it violates the following Content Security Policy directive: "frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com".
index.html?index-all.html:58 Refused to frame 'https://owasp.org/owasp-java-encoder/encoder/apidocs/index-all.html' because it violates the following Content Security Policy directive: "frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com".
OS/Browser: MacOS Mojave, Chrome 91 and others
jmanico commented
I just removed the link for now and will have to build a new JavaDoc that does not use frames. Closing for now.