Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Does confluence cloud allow changing x-frame-options header ?

Ajay Upadhyaya
Ajay Upadhyaya February 9, 2016

Does confluence cloud allow changing x-frame-options header ?

Currently its set to SAMEORIGIN, and prevents any confluence page to be embedded in an iframe from a different domain.

 

Answer
Watch
Like # people like this
1027 views

1 answer

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 9, 2016

No.  You need to hack the code (or settings in Tomcat for this one, I think).  

Changes like that are restricted functions, in order to keep the system supportable.

View More Comments
Ajay Upadhyaya
Ajay Upadhyaya February 9, 2016

I think Confluence Server is not a problem as we get to control the environment. But my question is specifically about Confluence Cloud. I'm looking for a way to change the header to allow from few safe authorized urls, as mentioned in the specs - https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 9, 2016

Cloud is what I answered for.

 

Like
Ajay Upadhyaya
Ajay Upadhyaya February 9, 2016

Do we have access to Tomcat settings in Confluence Cloud? I mean when I signup for confluence on atlassian.net do we get access to change anything on the server? From Confluence Admin settings I don't see an option to change anything for Tomcat / Java etc.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 9, 2016

As I already said, changes like that are restricted functions.

You can not change this stuff.

Like
Ajay Upadhyaya
Ajay Upadhyaya February 9, 2016

Sure Nic, then we are same page, because anything that as a customer I can't change (even can't hack) is essentially considered not possible in my opinion.

I see you have a enhancement ticket opened here - https://jira.atlassian.com/browse/CONF-40640 in which you mention confluence.clickjacking.protection.disable as a way, but unless customer has a way to set this property, essentially there is no way, isn't? I'll +1 on your ticket, as this looks like a very important enhancement request to enable reusing confluence pages by embedding them elsewhere. 

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 9, 2016

Ah, it's not my issue, I'm not an Atlassian, but yes, vote on that to encourage them to enable something.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security