Does confluence cloud allow changing x-frame-options header ?
Currently its set to SAMEORIGIN, and prevents any confluence page to be embedded in an iframe from a different domain.
I think Confluence Server is not a problem as we get to control the environment. But my question is specifically about Confluence Cloud. I'm looking for a way to change the header to allow from few safe authorized urls, as mentioned in the specs - https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
Sure Nic, then we are same page, because anything that as a customer I can't change (even can't hack) is essentially considered not possible in my opinion.
I see you have a enhancement ticket opened here - https://jira.atlassian.com/browse/CONF-40640 in which you mention confluence.clickjacking.protection.disable as a way, but unless customer has a way to set this property, essentially there is no way, isn't? I'll +1 on your ticket, as this looks like a very important enhancement request to enable reusing confluence pages by embedding them elsewhere.
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
Hi Community, Jessica here from the Confluence Product Marketing team! July’s community challenge is all about sharing pictures — and as an extension of our first post on what ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs