It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

JIRA Gantt Chart add-on gadget will not display in Confluence - get error message

Anyone seen this error/warning when trying to use this gadget in Confluence:

Security Aspect:

You are not allowed to request content from within the JIRA Gantt-Chart gadget, most likely due to your same-origin-policy!

9 answers

1 accepted

1 vote
Answer accepted

Hi Ryan,

that's not a bug: it is a problem of your infrastructure set-up. Your browsers detect that security violation and prevent loading data in the background. You can find more information about "same origin policy" using Google/Yahoo or what search engine you prefer.

Your internet-protocol, domain and port must be the same for JIRA and Confluence like http://x.y.z:8080/jira and http://x.y.z:8080/confluence. If you configure your Atlassian systems like this, it works quite well and your users will be happy and secure as well!

I will not implement a workaround to disable the browsers default behaviour, which opens security holes as it really make sense to have that. Just image, you are browsing a web-site and content is loaded in the background from or something equivalent!


I believe I was encountering this issue and have managed to resolve it with a few deeper tweaks.

First, my problem:

We wanted to separate our jira and confluence servers for both simpler urls and discrete resource management. So I moved confluence from to

I left our jira server at

Suddenly, the gantt charts aren't displaying. Same Origin policy error in browser console, ah crud.

My Solution:

I used CORS to solve this. This required a change to the apache config (enabling CORS for the trusted server) on the jira server and modifying a JS file within the JPlugs plugin jar file.

Here's the change to your virtual host in apache:

# Enable CORS for http(s)://*.YOURDOMAIN Origins
  <IfModule mod_headers.c>
    SetEnvIfNoCase Origin "(http(s)?://)((.+)\.)?(YOURDOMAIN)$" AccessControlAllowOrigin=$1$3$5
    Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
    Header set Access-Control-Allow-Credentials true env=AccessControlAllowOrigin

    SetEnvIfNoCase Access-Control-Request-Method "(.+)" AccessControlRequestMethod
    Header set Access-Control-Allow-Methods "GET,POST,HEAD" env=AccessControlRequestMethod

    SetEnvIfNoCase Access-Control-Request-Headers "(.+)" AccessControlRequestHeaders
    Header set Access-Control-Request-Headers "X-Requested-With" env=AccessControlRequestHeaders

And I changed com/jplugs/plugin/gantt/includes/jsjplugs/jplugs-js-gantt.js within the plugin jar. Around line 1448, we see:

if (window.XMLHttpRequest)
         xhttp=new XMLHttpRequest();
 else // IE 5/6
         xhttp=new ActiveXObject("Microsoft.XMLHTTP");

Simply add a line after creating a new XMLHTTPRequest object:

if (window.XMLHttpRequest)
         xhttp=new XMLHttpRequest();
 else // IE 5/6
         xhttp=new ActiveXObject("Microsoft.XMLHTTP");

That will instruct the browser that its OK to send cookies in cross domain requests utilizing the CORS headers in the request/response.

Note that this requires you to edit the plugin, which likely means you void the warranty or support agreement or EULA or someones patent. Take Frank's warning seriously and only use my hack if you really need to.

Chad, for what version of plugin is your solution?

I could not find com/jplugs/plugin/gantt/includes/jsjplugs/jplugs-js-gantt.js within plugin_1133294473520394069_gantt-2.4.0-JIRA5.2-UPM2.10.jar

Looks like we're on version 2.2.0 still.

Good job, thank's for publishing your CORS-based solution. I have updated my source code an included the following code snippet within the Gantt-Gadget:


It will be published with Gantt-Chart v2.4.1 soon.


Great to hear, thats one less hack I have to maintain going forward. Thank you! :)

"jsjplugs/jplugs-js-gantt.js" is a different addon and NOT my Gantt-Chart addon (please see on Atlassian Marketplace)!


Chad, can you clarify, did you solve issue with Frank's plugin (and what corrections did you make to that plugin) or with some other plugin?

I'm sorry Frank, I should of paid more attention to the labels.

My mod is for com.jplugs.plugin.gantt, version 2.2.0, which is not what this question was about. Apologies for the confusion.

I have some progress on this issue. In fact I got it working for some time.

Thanks to Frank he send me a pre-release of version 2.4.1 of his plugin. I configured apache as Chad recommended

The only thing that was missing - apache module headers.c was not enabled by default

I uncommented this string in httpd.conf

LoadModule headers_module modules/

and voila, it works! Gadget contents showing in confluence.

I tried to show the result to another user and all he saw was JIRA logon screen instead of Gantt chart.

I made logoff/logon in JIRA and Confluence on my machine, and after that I got JIRA logon screen inside of a gadget in Confluence.

And since than I can never get it back working :(

I tried logging in and out, reinstalled plugin, but no use.

JIRA logges this line

2013-10-31 14:03:22,526 http-bio-8080-exec-5 WARN anonymous 843x2100x1 -, /plugins/servlet/gantt-issues [jira.plugins.servlet.GanttServlet] user is not logged in -> force redirect to login screen

Please someone give me a hint.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Confluence

6 Awesome Ways to Apply Trello, JIRA and Confluence to your Project

I attended  Atlassian Summit 2019  and learned a lot from the presenters, attendees and knowledgeable Atlassian product managers. The presentations I attended focused on applying Agile, pla...

3,764 views 15 37
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you