OWASP/owasp-java-encoder

Documentation Frames Broken by Content-Security-Policy

rob-vince opened this issue · 1 comments

The How to Use tab on the OWASP Java Encoder site has a link to org.owasp.Encode class methods for browsing the documentation.

Following the link results in two blank frames and these errors in the console:

Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
index.html:63 Refused to frame 'https://owasp.org/owasp-java-encoder/encoder/apidocs/allclasses-frame.html' because it violates the following Content Security Policy directive: "frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com".
index.html:64 Refused to frame 'https://owasp.org/owasp-java-encoder/encoder/apidocs/org/owasp/encoder/package-summary.html' because it violates the following Content Security Policy directive: "frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com".
index.html?index-all.html:58 Refused to frame 'https://owasp.org/owasp-java-encoder/encoder/apidocs/index-all.html' because it violates the following Content Security Policy directive: "frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com".

OS/Browser: MacOS Mojave, Chrome 91 and others

I just removed the link for now and will have to build a new JavaDoc that does not use frames. Closing for now.
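Added example, not part of the original issue thread or the project's code: a simplified `frame-src` check that reproduces why the console refused the JavaDoc frames. None of the listed sources matches `owasp.org`, and the policy has no `'self'`, so same-origin frames are blocked too. The page URL and all function names are assumptions, and matching covers scheme and host only (no ports, paths, or fallback to `child-src`/`default-src`).

```javascript
// Policy string copied from the console errors quoted in the issue.
const POLICY = 'frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com ' +
  'https://*.sched.com https://*.google.com https://*.twitter.com ' +
  'https://www.youtube.com https://w.soundcloud.com';
// Assumed URL of the framing page (the console only shows "index.html").
const PAGE = 'https://owasp.org/owasp-java-encoder/encoder/apidocs/index.html';

// Return the source list of one directive, or null if the directive is absent.
function parseDirective(policy, name) {
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

// Simplified CSP source-expression match: keywords, scheme-source, host-source.
function sourceMatches(source, url, pageOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === pageOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return source.toLowerCase() === url.protocol;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && scheme.toLowerCase() + ':' !== url.protocol) return false;
  const h = host.toLowerCase();
  // "*.example.com" matches subdomains only, never the bare "example.com".
  if (h.startsWith('*.')) return url.hostname.endsWith(h.slice(1));
  return url.hostname === h;
}

// True if the policy would let pageUrl embed frameUrl in a frame.
function frameAllowed(policy, frameUrl, pageUrl) {
  const sources = parseDirective(policy, 'frame-src');
  if (sources === null) return true; // simplified: no fallback directives modelled
  const url = new URL(frameUrl);
  const origin = new URL(pageUrl).origin;
  return sources.some((s) => sourceMatches(s, url, origin));
}

const blocked = 'https://owasp.org/owasp-java-encoder/encoder/apidocs/allclasses-frame.html';
console.log('current policy:', frameAllowed(POLICY, blocked, PAGE));
console.log("with 'self' added:", frameAllowed(POLICY + " 'self'", blocked, PAGE));
```

Adding `'self'` to the site's `frame-src` would be the policy-side alternative to the frameless JavaDoc rebuild mentioned in the closing comment.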