<div>
But here the frame content are indeed coming from the same domain.. <br />
Its returned by localhost.
</div>


But here the frame content are indeed coming from the same domain..
Its returned by localhost.

<div>
You are getting the error above because localhost is trying to access google.com. &nbsp;Are you saying you get the same error when localhost loads an iframe from localhost?
</div>


You are getting the error above because localhost is trying to access google.com.  Are you saying you get the same error when localhost loads an iframe from localhost?

<div>
<div class="content wysiwyg-content">
Hi,<br />
I am getting the following error in my console of firebug<br />
<b>Content Security Policy: The page's settings blocked the loading of a resource at <a href="http://www.google.com/" rel="ugc">http://www.google.com/</a>&nbsp;(&quot;frame-src data:&quot;).</b><br />
This error happens when i click on a link on my page which is loaded inside an iframe.. Following screenshot will better explain it : <br />
Here is the HTML of my page : <br />
<a href="https://filedb.experts-exchange.com/incoming/2016/02_w09/1083023/Screen-Shot-2016-02-23-at-8.21.26-PM.png" target="_blank" title="Screen-Shot-2016-02-23-at-8.21.26-PM.png (139 KB)"><img alt="Screen-Shot-2016-02-23-at-8.21.26-PM.png" class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2016/02_w09/800_1083023/Screen-Shot-2016-02-23-at-8.21.26-PM.png" /></a>what actually i want is that this opens in a new tab or a new window altogether.<br />
I guess whats happening is that this is getting loaded inside the iframe and so content security policy is getting kicked in .<br />
<br />
Here is the header for my page which has csp : <br />
<a href="https://filedb.experts-exchange.com/incoming/2016/02_w09/1083024/Screen-Shot-2016-02-23-at-8.23.47-PM.png" target="_blank" title="Screen-Shot-2016-02-23-at-8.23.47-PM.png (80 KB)"><img alt="Screen-Shot-2016-02-23-at-8.23.47-PM.png" class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2016/02_w09/800_1083024/Screen-Shot-2016-02-23-at-8.23.47-PM.png" /></a>This <a href="http://www.google.com" rel="ugc">www.google.com</a>&nbsp;is just an example.. there can be any link in the iframe... <br />
How should i handle this ?<br />
<br />
Thanks
</div>
</div>


Screen-Shot-2016-02-23-at-8.23.47-PM.png

Screen-Shot-2016-02-23-at-8.21.26-PM.png

Hi,
I am getting the following error in my console of firebug
Content Security Policy: The page's settings blocked the loading of a resource at http://www.google.com/ ("frame-src data:").
This error happens when i click on a link on my page which is loaded inside an iframe.. Following screenshot will better explain it : 
Here is the HTML of my page : 

what actually i want is that this opens in a new tab or a new window altogether.
I guess whats happening is that this is getting loaded inside the iframe and so content security policy is getting kicked in .

Here is the header for my page which has csp : 

This www.google.com is just an example.. there can be any link in the iframe... 
How should i handle this ?

Thanks

Content security policy violated when opening a link inside an iframe

JavaScript is a dynamic, object-based language commonly used for client-side scripting in web browsers. Recently, server side JavaScript frameworks have also emerged. JavaScript runs on nearly every operating system and  in almost every mainstream web browser.

JavaScript

Web browsers are applications used primarily to display documents, files and media from the Internet, identified by a Uniform Resource Identifier (URI) that can be a page, image, video or other file. Some browsers require the use of add-ons or extensions to safely render the information they receive; others have systems built into them to perform the same functions.

Web Browsers

Java Enterprise Edition (Java EE) is a specification defining a collection of Java-based server and client technologies and how they interoperate. Java EE specifies server and client architectures and uses profiles to define technology sets targeted at specific classes of applications. All Java EE profiles share a set of common features, such as naming and resource injection, packaging rules and security requirements.

Java EE

Web applications are systems that run in browsers that perform functions normally associated with other client-based programs. One of the most commonly used web applications is email; instead of downloading individual emails to a local machine, the data is shown through a website. Other examples of web applications are collaborative systems like a wiki or an online game.