Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-16679

Content-Security-Policy and X-Frame-Options headers prevent iframes from being used in repository content

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.8.0, 3.9.0, 3.10.0
    • Fix Version/s: 3.11.0
    • Component/s: Security
    • Labels:
    • Environment:
      Chrome, Firefox

      Description

      A user on the nexus-user list discovered that javadoc for a maven site hosted in a Nexus repository doesn't work with the addition of the Content-Security-Policy header.

      It appears that this is due to the interaction with X-Frame-Options added in NEXUS-6569 which requires that frame content have the same origin.

        Attachments

          Issue Links

          is caused by

          Improvement - An improvement or enhancement to an existing feature or task. NEXUS-6569 Add X-Frame-Options header to avoid clickjacking

          • Major - Major loss of function.
          • Closed

            Activity

              People

              Assignee:
              mmartz Michael Martz
              Reporter:
              mpiggott Matthew Piggott
              Last Updated By:
              Peter Lynch
              Team:
              Nexus - UX
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title