Bug 442604

Summary: Empty Page / This content cannot be displayed in a frame
Product: Community
Reporter: Dani Megert <daniel_megert>
Component: Bugzilla
Assignee: Eclipse Webmaster <webmaster>
Status: RESOLVED WONTFIX
QA Contact:
Severity: normal
Priority: P3
CC: denis.roy, kitlo
Version: unspecified
Target Milestone: ---
Hardware: PC
OS: Windows 7
Whiteboard:
Bug Depends on:
Bug Blocks: 442547

Description Dani Megert CLA 2014-08-26 12:01:37 EDT
When clicking on Bugzilla links in the help center, one gets an empty page, and when I do this inside my Eclipse IDE I get this:
    "This content cannot be displayed in a frame" or an empty page.

Is there a reason to prevent showing the bug report in a frame?

Test Case:
1. open
http://help.eclipse.org/luna/topic/org.eclipse.platform.doc.user/tasks/running_eclipse.htm?cp=0_3_0

2. scroll down and click on the '139319' link
==> empty page
Comment 1 Denis Roy CLA 2014-08-26 12:47:47 EDT
The latest Bugzilla upgrade is responsible for this.  It is to prevent inlining content into a foreign frame to prevent Cross-site request forgery attacks.

Links to external sites inside a frame should open in a new window/tab.  I think we should move this to UA.
Comment 2 Dani Megert CLA 2014-08-27 04:11:55 EDT
(In reply to Denis Roy from comment #1)
> The latest Bugzilla upgrade is responsible for this.  It is to prevent
> inlining content into a foreign frame to prevent Cross-site request forgery
> attacks.

OK.

> Links to external sites inside a frame should open in a new window/tab.  I
> think we should move this to UA.

I disagree. For a user this is a bad experience.
Comment 3 Denis Roy CLA 2014-08-27 08:58:41 EDT
> I disagree. For a user this is a bad experience.

So are frames :)

At any rate, I'm not sure what you'd want us to do.  We're not going to remove the CSRF protection on Bugzilla.
Comment 4 Dani Megert CLA 2014-08-27 09:27:24 EDT
(In reply to Denis Roy from comment #3)
> We're not going to
> remove the CSRF protection on Bugzilla.

OK.
Comment 5 Dani Megert CLA 2014-08-27 09:50:26 EDT
(In reply to Dani Megert from comment #0)
> When clicking on bugzilla links in the help center one gets an empty page
> and when I do this inside my Eclipse IDE I get this:
>     "This content cannot be displayed in a frame" or an empty page.

To close on this: the difference, empty page (Firefox) vs. error page (IE), comes from the browser. Chrome doesn't even switch the page and just ignores the click.

We'll go and fix this with bug 442547.
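
Added example (not part of the bug thread and not Bugzilla or Eclipse code): a sketch of how a page shown inside a frame can decide, from a target's response headers, whether the browser would render that target in the frame or whether the link should open in a new window/tab as comment 1 suggests. It assumes the framing block is delivered through the X-Frame-Options or CSP frame-ancestors response headers, which the thread does not name; the function names, the sample header value and the bugzilla.example.org host are constructed for illustration.

```javascript
// Added example: would a browser render resourceUrl inside a frame hosted
// by parentUrl? Simplified (assumption): only the direct parent is checked
// and CSP sources with ports or paths are treated as non-matching.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Match one CSP frame-ancestors source expression against the parent page.
function sourceMatches(source, resourceUrl, parentUrl) {
  const parent = new URL(parentUrl);
  if (source === "*") return true;
  if (source === "'self'") return sameOrigin(resourceUrl, parentUrl);
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)$/.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && scheme + ":" !== parent.protocol) return false;
  return wildcard ? parent.hostname.endsWith("." + host) : parent.hostname === host;
}

function framingAllowed(headers, resourceUrl, parentUrl) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
  const directive = (h["content-security-policy"] || "")
    .split(";").map(d => d.trim().toLowerCase().split(/\s+/))
    .find(d => d[0] === "frame-ancestors");
  if (directive) {
    const sources = directive.slice(1);
    if (sources.length === 0 || sources.join() === "'none'") return false;
    return sources.some(s => sourceMatches(s, resourceUrl, parentUrl));
  }

  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return sameOrigin(resourceUrl, parentUrl);
  return true; // header absent, or obsolete ALLOW-FROM that current browsers ignore
}

// Target for a link on a page that is itself shown inside a frame.
function linkTarget(headers, resourceUrl, parentUrl) {
  return framingAllowed(headers, resourceUrl, parentUrl) ? "_self" : "_blank";
}

const HELP = "http://help.eclipse.org/luna/topic/org.eclipse.platform.doc.user/tasks/running_eclipse.htm?cp=0_3_0";
const BUG = "https://bugzilla.example.org/show_bug.cgi?id=139319"; // constructed placeholder host
console.log(linkTarget({ "X-Frame-Options": "SAMEORIGIN" }, BUG, HELP));
```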