Hi. Have experienced a new problem with Confluence over the last few months, and wondering if anyone has any advice or solutions:
We are currently on v3.5.16 of Confluence (upgrading next month), and use Firefox v25.1 (or latest) as our browser for Confluence. We run Confluence behind our firewall on HTTP.
So, fairly recently, I noticed (around two months ago) that any external content that we have on Confluence (eg. our shareprice feed hosted externally that fed in; our Twitter feed; any iFrames showing external content; any embedded videos from Vimeo or youtube; the JIRA Issues macro).
Our IT team do not know where to start looking to help solve this issue. My initial view was that it was a proxy issue or a firewall rule that is blocking Confluence from accessing any external content. Their view is that it is down to Firefox's new security feature that blocks mixed content - apparently when visiting a website using HTTPS protocol, any active content on the page running over HTTP protocol will be blocked by Firefox.
I wasn't so sure about thier reasoning, but I tested this by running Confluence on IE, and when the browser asks to show all content (including insecure), our content (external feeds, iFrame, videos) does actually display.
So my question is - has anyone else experienced a similar issue? Do you know how users of Confluence can get around this browser issue (if it is a browser isue)? Or do you think this could be another type of problem? NB. We use Firefox as recommended browser for Confluence (IE does not work at all in terms of delivering Confluence functionality).
I appreciate any advice you can give me, even if it is just to stop me looking in the wrong place.
Hi Tim, You've definitely come to the correct conclusion about the problem. Firefox (and now Chrome), both block mixed content by default now.
We've updated the Widget Connector to load content it's displaying (eg: YouTube) in version 2.3.0 (see https://ecosystem.atlassian.net/browse/WC-75), but this version of the plugin needs at least Confluence 5.2.3.
In the mean time before you upgrade, you can change the default setting in Firefox to allow the mixed content again, some quick instructions I found - http://etudes.org/gateway/article_mixed_content.html
By the way, I'd be really interested to hear more about your comment on IE. Drop me an email if you'd like to share some more details - jmasson at atlassian dot com.
Two vulnerabilities have been published for Confluence Server and Data Center recently: March 20, 2019 CVE-2019-3395 / CVE-2019-3396 April 17, 2019 CVE-2019-3398 The goal of this article is...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs