Issue Collector form does not appear.

Erik Husby July 26, 2017

I've had to make some security related changes to our Jira server relating to the entry in the server.xml for the Connector on port 8443.

In particular I have sslEnabledProtocols="TLSv1.2", and a host of restricted ciphers.

This seems to have broken the Issue Collectors.

I created the basic example Issue Collector and inserted the script into a simple html file. When I view the html file, it correctly shows the Provide Feedback button. However, clicking the button simply puts up the spinning wait symbol and it spins and spins. 

Watching the access_log shows the request coming in and returning a 200.

10.75.112.36 731x7483x1 mhusby [26/Jul/2017:12:11:20 -0400] "GET /jira/rest/collectors/1.0/template/form/81571e01?os_authType=none HTTP/1.1" 200 4210 111 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8" "1c6vw36"

but nothing gets rendered.

 

Inspecting the HTML shows two errors that say

Refused to display 'https://.../rest/collectors/1.0/template/form/81571e01?os_authType=none" in a frame because it set X-Frame-Options to 'SAMEORIGIN'

Unable to post message to 'https://...:8443" Recipient has origin null.

 

Additional information:

Have discovered that if I put my test html on the JIRA server, the form does display. So the problem remains, what setting needs to be changed to allow the form to be displayed on pages from our other web servers. 

1 answer

1 accepted

0 votes
Answer accepted
somethingblue
Atlassian Team
July 27, 2017

Hi Erik,

This sounds like a problem with your proxy settings. I did a check on my Cloud instance and my on-premise instance and I did not see the set X-Frame-Options: "sameorigin" option; however, I would check your configuration using curl and the -I flag. See if that is one of the headers being returned and, if so, you'll need to modify your proxy settings.

If the header contains the SAMEORIGIN option, the response will be loaded within a frame only if the parent page is from the same origin.

There are a few Communities posts discussing this problem that may help. One is titled JIRA IssueCollector X-Frame-Origin problem and another is Issue Collector does not load….

Take a look at those and hopefully it will provide some clues as to what changes you need to make on your proxy to get the Issue Collectors working as normal again!


Cheers,

Branden
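
The check suggested in the answer above, as an added example that is not part of the original thread or Atlassian's code: it reads response headers in the form `curl -I` prints and reports whether `X-Frame-Options` would let a page from a given origin frame the collector form. The host names, `COLLECTOR_ID` and the function names are assumptions, and the sample headers are constructed.

```shell
#!/bin/sh
# Added example. Host names and COLLECTOR_ID are constructed placeholders.

# origin_of URL: print scheme://host[:port], lower-cased, default ports dropped.
origin_of() {
  printf '%s\n' "$1" | tr 'A-Z' 'a-z' |
    sed -E -e 's,^([a-z][a-z0-9+.-]*://[^/?#]+).*,\1,' \
           -e 's,^(https://[^:/]+):443$,\1,' -e 's,^(http://[^:/]+):80$,\1,'
}

# xfo_value: read response headers on stdin (as printed by curl -I) and print
# the X-Frame-Options value in upper case; print nothing if it is absent.
xfo_value() {
  tr -d '\r' | awk -F': *' 'tolower($1) == "x-frame-options" {
    v = toupper($2); gsub(/[ \t]+$/, "", v); print v; exit }'
}

# frame_verdict FRAMED_URL PARENT_ORIGIN < headers
# Prints allowed, blocked or unknown, considering X-Frame-Options only.
frame_verdict() {
  fv_framed=$(origin_of "$1")
  fv_parent=$(origin_of "$2")
  case "$(xfo_value)" in
    "")         echo allowed ;;   # header absent: no X-Frame-Options restriction
    DENY)       echo blocked ;;   # never framed, whatever the parent
    SAMEORIGIN) if [ "$fv_framed" = "$fv_parent" ]; then echo allowed
                else echo blocked; fi ;;
    *)          echo unknown ;;   # value this sketch does not interpret
  esac
}

# Constructed sample of a response carrying the header from the error message.
sample_headers() {
  printf 'HTTP/1.1 200 \r\nContent-Type: text/html;charset=UTF-8\r\n'
  printf 'X-Frame-Options: SAMEORIGIN\r\n\r\n'
}

FORM_URL='https://jira.example.com:8443/jira/rest/collectors/1.0/template/form/COLLECTOR_ID?os_authType=none'
sample_headers | frame_verdict "$FORM_URL" 'https://jira.example.com:8443'  # page on the Jira server
sample_headers | frame_verdict "$FORM_URL" 'https://apps.example.com'       # page on another web server
sample_headers | frame_verdict "$FORM_URL" 'null'                           # HTML file opened from disk
# Live check: curl -sI "$FORM_URL" | frame_verdict "$FORM_URL" 'https://apps.example.com'
```

The three sample calls print allowed, blocked and blocked, matching the behaviour described in the question: the form renders only when the embedding page is served from the Jira origin itself.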

Erik Husby July 27, 2017

After looking into previous JIRA versions, I realized that the SAMEORIGIN setting had been required by our security team. I've looked into ways of configuring Tomcat so that it excludes the SAMEORIGIN setting based on a URL. However, the different browsers do not currently support the different security headers consistently.

We've decided to change our apps to instead bring up a Service Desk page in a different window. That will get around the SAMEORIGIN problem.

Thanks for the pointers. 
