Does confluence cloud allow changing x-frame-options header ?
Currently its set to SAMEORIGIN, and prevents any confluence page to be embedded in an iframe from a different domain.
I think Confluence Server is not a problem as we get to control the environment. But my question is specifically about Confluence Cloud. I'm looking for a way to change the header to allow from few safe authorized urls, as mentioned in the specs - https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
Sure Nic, then we are same page, because anything that as a customer I can't change (even can't hack) is essentially considered not possible in my opinion.
I see you have a enhancement ticket opened here - https://jira.atlassian.com/browse/CONF-40640 in which you mention confluence.clickjacking.protection.disable as a way, but unless customer has a way to set this property, essentially there is no way, isn't? I'll +1 on your ticket, as this looks like a very important enhancement request to enable reusing confluence pages by embedding them elsewhere.
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs