I just migrate my JIRA/Confluence to a new server, which I did re-install following the instruction.
I copy the old application home to new server (without dbconfig.xml) & I made all the configuration to make sure they are the same like the old one.
I'm having my JIRA/Confluence running behind nginx, which I reduced the Content-Policy-Header but I still got problem with
confluence/s/en_GB/6441/7d28db648b08c18ff79fe305b2da56665a84a1fc/5.9.24/_/download/resources/com.atlassian.auiplugin:aui-experimental-iconfont/fonts/atlassian-icons.woff -> return as 404
confluence/s/en_GB/6441/7d28db648b08c18ff79fe305b2da56665a84a1fc/1.0.39/_/download/resources/com.atlassian.confluence.plugins.confluence-dashboard:confluence-dashboard-resources/assets/images/2.0/icon-comment-small.svg -> return as 404
On my old server, it works just fine and returns as 200.
My confluence version is Atlassian Confluence 5.10.4
My jira version is Atlassian JIRA Project Management Software (v7.2.1#72003-sha1:3448e6b)
Actually the problem is that my Content-policy header doesn't allow JIRA/Confluence to display inline scripts and for the font-src also, so mostly all the inline scripts + fonts files are not being loaded due to failed security policy on NGINX.
So next time if anyone wants to have Confluence/JIRA running behind a proxy like NGINX, please be aware of the content policy header (if has any specified).
But by allowing such a content to be loaded, it violates our security policy as well. Till now I don't find any reason how to eliminate inline-scripts
Thanks for reminding me on this question, Ann ;)
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot