X-Frame-Options header, need eng support for it, Vitaly Osipov told me to make ticket

"Michael,Please create a support request at http://support.atlassian.comand asupport engineer will help you make the modifications for theX-Frame-Options header. You can mention me in the issue, that I amaware of it." Vitaly Osiprov.My email michael.mulder@faa.govwork 609 485 6739 (in East Coast USA time) cell 856 982 4056

3 answers

Firstly, please retrieve the files from inside your Confluence installation folder - the directory into which the Confluence application files and libraries have been unpacked (unzipped) when Confluence was installed:

confluence/WEB-INF/web.xml

Under this portion of the document retrieved:

<!-- Uncomment the following to disable the space export long running task. -->

    <!--

        <context-param>

            <param-name>unsupportedContainersForExportLongRunningTask</param-name>

            <param-value>websphere,jboss</param-value>

        </context-param>

    -->

Add the following:

<filter>

        <filter-name>ClickjackFilterSameOrigin</filter-name>

        <filter-class>org.owasp.filters.ClickjackFilter</filter-class>

        <init-param>

            <param-name>mode</param-name>

            <param-value>SAMEORIGIN</param-value>

        </init-param>

    </filter>

also add this:

<filter-mapping>

        <filter-name>ClickjackFilterSameOrigin</filter-name>

        <url-pattern>/*</url-pattern>

    </filter-mapping>

Save the files and put into confluence/WEB-INF/classes


Note that this fix is specific to Firefox, each web browser can use different WebKit versions, and even providers, in order to address with other browser vendor, please refer to the browser specific content, as this page for IE.

Where do you put the filter mapping section? Does it go right underneath the filter section we just added? Also, do you save the web.xml file in the the confluence/WEB-INF/classes and confluence/WEB-INF (where it originally was)?

His fix seem to work on Firefox most versions, and New IE9 and Chrome 34 as I had HTML

code to check for clickjacking and the login page wasn't loading in Chromw 34, IE9 and Firefox(most versions).

His fix seem to work on Firefox most versions, and New IE9 and Chrome 34 as I had HTML

code to check for clickjacking and the login page wasn't loading in Chromw 34, IE9 and Firefox(most versions).

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Posted Apr 13, 2018 in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

2,602 views 25 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you