Gantt Gadget in Confluence gives the AJAX-based request error

Yoo InChul December 11, 2013

Hi,

When I set up the Gantt-Chart Gadget in a Confluence page, it gives the error message below.

Security aspect:
You are not allowed to request content from within the JIRA Gantt-Chart gadget, most likely due to your same-origin-policy!

AJAX-based request to http://test.skhynix.com/ is denied.
Please contact your administrato

Our system configuration is as follows:

I used Apache with a reverse proxy and Tomcat, and each machine consists of the same Apache and Tomcat structure.

Jira Server URL : jira.domain.com:8080

Confluence Server URL : confluence.domain.com:8090

Also, I used the trusted application as Application Links.

Other plugins, Structure and Agile, work well in this environment.

Can you give me any suggestions to solve this problem?

Thanks

Inchul, Yoo

1 answer

0 votes
Frank Polscheit
December 11, 2013

Hi,

My Gantt-Chart Gadget loads additional data via AJAX using JIRA's baseUrl. Please ensure that your local setup of Confluence and JIRA does not violate the "same origin policy" (have a look at Wikipedia and other online sources for more details). This security aspect might block your Gadget! I do not implement any workaround to overrule that browser security, and Atlassian itself has switched away from using e.g. JSONP. Application Links are used for authentication and authorization on a higher OSI level and have nothing to do with lower-level security on the basis of HTTP.

My suggestion is to configure baseUrls like "http://my.company.com:8080/confluence" and "http://my.company.com:8080/jira" in order to fulfill the security requirements (keep the same internet protocol, domain and port for Confluence and JIRA). If you want to operate with 2 different Tomcats, one per Atlassian application, you should put an HTTP server like Apache in front of them on "http://my.company.com:8080", redirecting to JIRA or Confluence based on the following path.

As an alternative, you can use a reverse proxy: setting up a simple reverse proxy on the server will allow the browser to use relative paths for the Ajax requests, while the server would be acting as a proxy to any remote location.

If using mod_proxy in Apache, the fundamental configuration directive to set up a reverse proxy is the ProxyPass. It is typically used as follows:

ProxyPass /ajax/ http://other-domain.com/ajax/

In this case, the browser would be able to request /ajax/web_service.xml as a relative URL, but the server would serve this by acting as a proxy to http://other-domain.com/ajax/web_service.xml.

Besides this, one interesting feature of this method is that the reverse proxy can easily distribute requests towards multiple back-ends, thus acting as a load balancer, too (if you have a large clustered implementation of JIRA/Confluence).

Regards,
Frank
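
The following is an added example, not part of the original answer or the gadget's code: it compares the origins of the two setups discussed in this thread and models the first-match prefix mapping that ProxyPass performs. The `http://` scheme for the question's URLs, the rule table and the function names are assumptions made for illustration.

```javascript
// Added example (not the gadget's code): why the browser blocks the gadget's
// AJAX call, and how a path-based reverse proxy removes the cross-origin hop.

// An origin is the triple (scheme, host, port); URL.port is '' for default ports.
function originParts(url) {
  const u = new URL(url);
  const port = u.port || (u.protocol === 'https:' ? '443' : '80');
  return { scheme: u.protocol.slice(0, -1), host: u.hostname, port };
}

// Returns the origin components that differ; an empty array means same-origin.
function originDiff(pageUrl, ajaxUrl) {
  const a = originParts(pageUrl);
  const b = originParts(ajaxUrl);
  return ['scheme', 'host', 'port'].filter((k) => a[k] !== b[k]);
}

// Simplified model of mod_proxy's ProxyPass: rules are checked in configuration
// order and the first matching path prefix wins; null means "not proxied".
function proxyPass(rules, path) {
  for (const [prefix, backend] of rules) {
    if (path.startsWith(prefix)) return backend + path.slice(prefix.length);
  }
  return null;
}

// Setup from the question (http:// scheme assumed, the post omits it).
const asked = originDiff('http://confluence.domain.com:8090/',
                         'http://jira.domain.com:8080/');

// Setup from the answer: one origin, applications separated by path.
const suggested = originDiff('http://my.company.com:8080/confluence',
                             'http://my.company.com:8080/jira');

// Constructed rule table; the first two backends reuse the question's hosts.
const rules = [
  ['/jira/', 'http://jira.domain.com:8080/jira/'],
  ['/confluence/', 'http://confluence.domain.com:8090/confluence/'],
  ['/ajax/', 'http://other-domain.com/ajax/'],
];

console.log('question setup differs in:', asked);
console.log('suggested setup differs in:', suggested);
console.log('proxied to:', proxyPass(rules, '/ajax/web_service.xml'));
```

Once both applications share one origin, the browser no longer isolates them from each other, so a script injected into one can read and call the other; that trade-off belongs in the threat model for this layout.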
