SVG icons/emoticons are not shown after installing Confluence server

thank you very much for your help. I just tried to downgrade Tomcat, as you suggested, but unfortunately the issue persists. I even tried the other steps to resolve the issue again (empty cache, reindex etc.) but no change. Looks like there is more involved than just the tomcat version.

Hi Lukas,

I should note that I did need to clear my browser cache before I could confirm that it resolved the issue.  Could you double-check by opening a new incognito window and rechecking if it's resolved?

I can confirm this did indeed workaround the issue on a recently upgraded 6.15.3 confluence instance that had identical issues as described in this thread.

I actually used another workaround for my other 6.15.3 confluence (production) instance that I am not in a position to shutdown (until perhaps this weekend):

If you use a reverse-proxy to SSL confluence (such as apache or nginx) you can override the header for all requests to svg (icons) by adding the following to your vhost (if using apache 2.4):

<If "%{REQUEST_URI} =~ /.*\.svg/">
  Header set Content-Type "image/svg+xml;charset=UTF-8"
</If>

There is an equivalent override for nginx.

E.g. my apache (2.4) reverse proxy for my confluence virtual host looks like:

<VirtualHost *:443>
ServerName confluence.example.com

ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On

RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 127.0.0.1

RewriteEngine On

<If "%{REQUEST_URI} =~ /.*\.svg/">
Header set Content-Type "image/svg+xml;charset=UTF-8"
</If>

RewriteCond %{REQUEST_URI} !^/synchrony
RewriteRule ^/(.*) http://127.0.0.1:8090/$1 [P]

ProxyPass /synchrony http://127.0.0.1:8091/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:8091%{REQUEST_URI} [P]
</Location>

ProxyPass / http://127.0.0.1:8090/
ProxyPassReverse / http://127.0.0.1:8090/

..."SSL cert stuff goes here"...

</VirtualHost>

 Hope this might help.

Jay.

Hi Lukas,

I should note that I did need to clear my browser cache before I could confirm that it resolved the issue.  Could you double-check by opening a new incognito window and rechecking if it's resolved?

I can confirm this did indeed workaround the issue on a recently upgraded 6.15.3 confluence instance that had identical issues as described in this thread.

I actually used another workaround for my other 6.15.3 confluence (production) instance that I am not in a position to shutdown (until perhaps this weekend):

If you use a reverse-proxy to SSL confluence (such as apache or nginx) you can override the header for all requests to svg (icons) by adding the following to your vhost (if using apache 2.4):

<If "%{REQUEST_URI} =~ /.*\.svg/">
  Header set Content-Type "image/svg+xml;charset=UTF-8"
</If>

There is an equivalent override for nginx.

E.g. my apache (2.4) reverse proxy for my confluence virtual host looks like:

<VirtualHost *:443>
ServerName confluence.example.com

ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On

RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 127.0.0.1

RewriteEngine On

<If "%{REQUEST_URI} =~ /.*\.svg/">
Header set Content-Type "image/svg+xml;charset=UTF-8"
</If>

RewriteCond %{REQUEST_URI} !^/synchrony
RewriteRule ^/(.*) http://127.0.0.1:8090/$1 [P]

ProxyPass /synchrony http://127.0.0.1:8091/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:8091%{REQUEST_URI} [P]
</Location>

ProxyPass / http://127.0.0.1:8090/
ProxyPassReverse / http://127.0.0.1:8090/

..."SSL cert stuff goes here"...

</VirtualHost>

 Hope this might help.

Jay.

Hi Jay,

you're a genius - that was the missing part (should have thought about it myself...). Downgrading Tomcat in combination with clearing browser cache was the solution!
Thank you very much for your help! Very much appreciated.

best regards

Lukas

Thanks Jay for describing the issue and possible solutions, I downgraded to the version 6.15.2 and the issue disappear. Looks like sometimes is not the latest version the best option to use ;-) 

Dear Jay,

you save my day!!

But as I'm not using the bundled Tomcat, but a farm using Tomcat-8.5.38 at the moment, I would like to ask what is the core reason of the issue?

At https://jira.atlassian.com/browse/CONFSERVER-58180 I read:

I checked the release notes for Tomcat 9.0.14, and it looks like the issue is caused by this change: "The default Servlet should not override a previously set content-type"

This sounds to me if it's a valid upstream bugfix and the issue is triggered by Confluence by setting an inproper MIME type which isn't overriden anymore.

Is this the truth?

Yes, that was exactly the issue.  Atlassian have released 6.5.14 which resolves the issue.

Upgrading from 5.5 this days, we decide to upgrade to the Enterprise line. Therefore, I choose 6.13.4 to install. Does 6.15.4 really fix the issue withing Confluence or have Atlassian "fixed" it  by just choosing an older Tomcat version?

That's a very good question.  I'm planning on upgrading once of my confluence instances to 6.5.14 this weekend and will find out then.

Although, looking at recent comments on https://jira.atlassian.com/browse/CONFSERVER-58180 6.5.14 has an issue now with browsers now showing an insecure content warning with emoticons not redirecting to https (which can be worked around with another apache workaround...)... I say stick with 6.13.4 for the time being.