After upgrade to Jira Software 7.6.1 i found out, that i can't embedd Jira sites on our Confluence page anymore via iframe. I found out that this is a new security feature (JRASERVER-25143). In this articel it's described, that one can disable this protection by setting the
com.atlassian.jira.clickjacking.protection.disabled system property to
There's also a site which should describe how to do the Setting properties and options. But this site describes how you set Java Options for the service. When i inserted the property "com.atlassian.jira.clickjacking.protection.disabled=true" in the Java Options the service won't start anymore. So it has to be done somehow differently. Hope you can help!
I get the same behavior in JIRA, however, according to Confluence page does not display in an iframe the changes are supposed to be done on the Confluence side:
Disable clickjacking protection from Confluence
Shut down Confluence
- If you're running Linux:
<confluence_install>/bin/setenv.shadd the line:
- If you're running Windows from the
<confluence_install>/bin/setenv.batadd the line:
set CATALINA_OPTS=-Dconfluence.clickjacking.protection.disable=true %CATALINA_OPTS%
- If you're running Windows as a service:
If you're starting Confluence as a service, then you'll need to add the following startup options to the Java tab in the service properties:
- Restart Confluence
See Configuring System Properties for more on setting System Properties.
The Page will now appear in the
If the resolution 1 does not work then there is a possibility that in CONFLUENCE_INSTALL/conf/web.xml you have enabled HTTP Header Security Filter in Tomcat.
Shut down Confluence
Open CONFLUENCE_INSTALL/conf/web.xml and find antiClickJackingOption
Uncomment the parameter and change the value from DENY to SAMEORIGIN
Please see Apache Tomcat 8 Configuration Reference: HTTP Header Security Filter for more information on the parameters
Try the steps above and let me know the results.
I also tried the following options, but none worked:
So, this is still unresolved...
Those look like the arguments for JIRA. You need to configure this on the Confluence side. See Confluence page does not display in an iframe for the correct arguments for Confluence.
Additionally, take a look at the very last comment in the post titled How to remove or modify Confluence X-Frame-Options response header for another suggestion.
If you spend enough time as a Jira admin - whether you are managing a single, mid-sized instance, a large enterprise one or juggling multiple instances at once - you will eventually find yourself in ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot