I am using the newest confluence on demand version (5.3) and I have some problems with the iframe macro.
I am trying to display another website (not another confluence page) within a confluence page.
Lets talk about a sepcific example.
1. I set the url of the Iframe to www.google.com, the width to 500px and the height to 500px
The result is an Iframe box, displaying confluence and the error messega can't find page
2. I set the url of the Iframe to http://www.google.com, the width to 500px and the height to 500px
The result is an empty Iframe box
Do you know what I am doing wrong?
How can I display the conten or implement different weg pages?
Try this url in your iFrame: https://www.apple.com
Make sure it is httpS It works but http does not. But that's not the whole story because we have http iFrames that used to work and now don't.
Atlassian was working with me and here is their suggestion.
Since iFrame is part of the Adaptavist Content Formatting Macros, my suggestion is to contact them regarding this problem. If there were error messages in the logs, we could try investigating them, but since there are no error messages that can help us understand what's going on, we believe this is on Adaptavist side. There might have been changes on the add-on that are causing the issue you are having.
I will follow up with Adaptavist and if I get any information I will update this thread.
I am in contact with the atlassian support and the staff member gave me a really helpful hint.
She said that some websites are using a http header called x-frame-options (link). If this header is set to:
DENY: The page cannot be displayed in a frame, regardless of the site attempting to do so.
SAMEORIGIN: The page can only be displayed in a frame on the same origin as the page itself.
ALLOW-FROM uri: The page can only be displayed in a frame on the specified origin.
Additionally she said the link must be a secure URL (https). Which is in my opinion useless because this narrows the selection of working URL's a lot.
Anyways, I could't manage to find any working link. Even with https and without the x-frame-header.
This is actually the case for us as well.
We're using our Confluence instance on HTTPS and our browsers stop all things embedded in HTTP. As far as I can see, this is no fault of Atlassian or Adaptavist, it's a security issue recently introduced into all the major browsers.
Two more data points about the iframe problem:
1. The problem is definitely not the iframe macro. I used the HTML macro containing the html code to embed a page with an iframe, and this doesn't work either.
(HTML macro) <iframe src="URL"></iframe> (end of HTML macro)
2. A possible alternative is to use the HTML Include macro as a way to include external content on a wiki page. It works very similarly to the iframe macro, you just have to specify the URL. It doesn't always display the page exactly as you see it in the wild, but the content is there. Caveat: The Confluence HTML macros are frequently disabled by system admins because of potential security issues.
I wrote an email to adaptavist and they said:
"The Content Formatting Macros is not compatible yet with that Specific
version of Confluence, so it could be not working as expected.
It is our high priority Plugin's and we are working on it."
"We are currently working on upgrading the ThemeBuilder to Confluence 5.3 and Content Formatting Macros is also expected to be upgraded soon. A more accurate update about the timescale can be given to you early next week."
We faced this problem recently with our on-premise instance of Confluence. It seems that some recent security handling changes in most browsers have impacted on the ability to embed external content in iframes. This explanation was helpful: https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/
If you can change the external content to be delivered over HTTPS then that's a solution. Otherwise you can advise users how to override the default blocking behaviour (look for the shield in the address bar in Firefox, as explained in the link above).
Guys, it's not a bug, I don't work for Atlassian, it's a CORS issue which means there is a header on their content that requires the data to orginate at source. Browsers now block cross-origin content between two different servers. This prevents webpages being embedded using iFrames which is a security-related matter. It's reasonable enough for companies with open API's to stop any Tom Dick and Harry running bots like scrapers etc, ultimately they could breach content IP and nick your content. I realise its annoying as I can't embed the content either. What we'd like is the Confluence Cloud REST API to give us iframeable content output of a page or blogpost, and we'd be happy to use a security API Token to prevent unwanted access to our content. It's not unreasonable for customers wanting to embed blog posts at the very least! So what people are reasonably now complaining about and asking for is - that there is no codeless or even code minimal alternative here, so they've been left in the lurch, even though this is Browser extra security that's started all this off.
Hello Confluence Community! What if i told you that you could have a healthier life and be 100% meet-less? This month, we're promoting a healthy, balanced work diet with Confluence. We la...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events