Try this url in your iFrame: https://www.apple.com

Make sure it is httpS It works but http does not. But that's not the whole story because we have http iFrames that used to work and now don't.

Atlassian was working with me and here is their suggestion.

Since iFrame is part of the Adaptavist Content Formatting Macros, my suggestion is to contact them regarding this problem. If there were error messages in the logs, we could try investigating them, but since there are no error messages that can help us understand what's going on, we believe this is on Adaptavist side. There might have been changes on the add-on that are causing the issue you are having.

I will follow up with Adaptavist and if I get any information I will update this thread.

I am in contact with the atlassian support and the staff member gave me a really helpful hint.

She said that some websites are using a http header called x-frame-options (link). If this header is set to:

DENY: The page cannot be displayed in a frame, regardless of the site attempting to do so.

SAMEORIGIN: The page can only be displayed in a frame on the same origin as the page itself.

ALLOW-FROM uri: The page can only be displayed in a frame on the specified origin.

Additionally she said the link must be a secure URL (https). Which is in my opinion useless because this narrows the selection of working URL's a lot.

Anyways, I could't manage to find any working link. Even with https and without the x-frame-header.

Did you figure this out? Previously i was displaying iFrames fine but now they have stopped displaying and I am getting the exact same behavior you describe above. I am using Confluence OnDemand

Hi Edward,

no I did not figure this out. I am still waiting for a response. I tried nearly everything in confluence and I don't have an idea why it doesn't work.

Yeah, I can confirm that I can only get HTTPS sites to work with this Macro in our OnDemand instance of Confluence. Hopefully they fix the plugin soon!

This is actually the case for us as well.

We're using our Confluence instance on HTTPS and our browsers stop all things embedded in HTTP. As far as I can see, this is no fault of Atlassian or Adaptavist, it's a security issue recently introduced into all the major browsers.

Two more data points about the iframe problem:

1. The problem is definitely not the iframe macro. I used the HTML macro containing the html code to embed a page with an iframe, and this doesn't work either.

(HTML macro)
<iframe src="URL"></iframe>
(end of HTML macro)

2. A possible alternative is to use the HTML Include macro as a way to include external content on a wiki page. It works very similarly to the iframe macro, you just have to specify the URL. It doesn't always display the page exactly as you see it in the wild, but the content is there. Caveat: The Confluence HTML macros are frequently disabled by system admins because of potential security issues.

I wrote an email to adaptavist and they said:

"The Content Formatting Macros is not compatible yet with that Specific

version of Confluence, so it could be not working as expected.
It is our high priority Plugin's and we are working on it."

"We are currently working on upgrading the ThemeBuilder to Confluence 5.3 and Content Formatting Macros is also expected to be upgraded soon. A more accurate update about the timescale can be given to you early next week."

We faced this problem recently with our on-premise instance of Confluence. It seems that some recent security handling changes in most browsers have impacted on the ability to embed external content in iframes. This explanation was helpful: https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

If you can change the external content to be delivered over HTTPS then that's a solution. Otherwise you can advise users how to override the default blocking behaviour (look for the shield in the address bar in Firefox, as explained in the link above).

is there any update to this? it still seems to be the case and has broken many of our pages that contain external content.

This is absurd. Confluence, do you want to actually develop this properly? It's a common feature and you've broken a lot of our ondemand intranet.

Hi,

I am encountering the same issue - tried to display another website and the result is an empty box. I am also working with Confluence 5.3.

@ Atlassian: are you working on fixing that bug? When it is planned to be fixed?

Thank you.

i cant seem to load the webpage in the iframe macro inside a card. It seems to work outside the card. my webpage url is https. Any help is greatly appreciated

Guys, it's not a bug, I don't work for Atlassian, it's a CORS issue which means there is a header on their content that requires the data to orginate at source. Browsers now block cross-origin content between two different servers. This prevents webpages being embedded using iFrames which is a security-related matter. It's reasonable enough for companies with open API's to stop any Tom Dick and Harry running bots like scrapers etc, ultimately they could breach content IP and nick your content. I realise its annoying as I can't embed the content either. What we'd like is the Confluence Cloud REST API to give us iframeable content output of a page or blogpost, and we'd be happy to use a security API Token to prevent unwanted access to our content. It's not unreasonable for customers wanting to embed blog posts at the very least! So what people are reasonably now complaining about and asking for is  - that there is no codeless or even code minimal alternative here, so they've been left in the lurch, even though this is Browser extra security that's started all this off.