It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Issue Collector form does not appear. Edited

I've had to make some security related changes to our Jira server relating to the entry in the server.xml for the Connector on port 8443.

In particular I have sslEnabledProtocols="TLSv1.2", and a host of restricted ciphers.

This seems to have broken the Issue Collectors.

I created the basic example Issue Collector and inserted the script into a simple html file. When I view the html file, it correctly shows the Provide Feedback button. However, clicking the button simply puts up the spinning wait symbol and it spins and spins. 

Watchng the access_log shows the request comming in and returning a 200. 

10.75.112.36 731x7483x1 mhusby [26/Jul/2017:12:11:20 -0400] "GET /jira/rest/collectors/1.0/template/form/81571e01?os_authType=none HTTP/1.1" 200 4210 111 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8" "1c6vw36"

but nothing gets rendered.

 

Inspecting the HTML shows two errors that says

Refused to display 'https://.../rest/collectors/1.0/template/form/81571e01?os_authType=none" in a frame because it set X-Frame-Options to 'SAMEORIGIN'

Unable to post message to 'https://...:8443" Recipient has origin null.

 

Additional information:

Have discovered that if I put my test html on the JIRA server, the form does display. So the problem remains, what setting needs to be changed to allow the form to be displayed on pages from our other web servers. 

1 answer

1 accepted

0 votes
Answer accepted

Hi Erik,

This sounds like a problem with your proxy settings.  I did a check on my Cloud instance and my on-premise instance and I did not see the set X-Frame-Options: "sameorigin" option, however, I would check your configuration using curl and the -I flag.  See if that is one of the headers being returned and if so you'll need to modify your proxy settings.  

If the header contains the SAMEORIGIN option, the response will be loaded within a frame only if the parent page is from the same origin.

There are a few Communities post discuss this problem that may help.  One is titled JIRA IssueCollector X-Frame-Origin problem and another is Issue Collector does not load….

Take a look at those and hopefully it will provide some clues as to what changes you need to make on your proxy to get the Issue Collectors working as normal again!


Cheers,

Branden

After looking into previous JIRA versions, I realized that the SAMEORIGIN setting had been required by our security team. I've looked into ways of configuring Tomcat so that it excludes the SAMEORIGIN setting based on a URL. However, the different browsers do not currently support the different security headers consistently.

We've decided to change our apps to instead bring up a Service Desk page in a different window. That will get around the SAMEORIGIN problem.

Thanks for the pointers. 

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira Core

How to manage many similar workflows?

I have multiple projects that use variations of the same base workflow. The variations depend on the requirements of the project or issue type. The variations mostly come in the form of new statuses ...

1,099 views 7 0
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you