I just migrate my JIRA/Confluence to a new server, which I did re-install following the instruction.
I copy the old application home to new server (without dbconfig.xml) & I made all the configuration to make sure they are the same like the old one.
I'm having my JIRA/Confluence running behind nginx, which I reduced the Content-Policy-Header but I still got problem with
confluence/s/en_GB/6441/7d28db648b08c18ff79fe305b2da56665a84a1fc/5.9.24/_/download/resources/com.atlassian.auiplugin:aui-experimental-iconfont/fonts/atlassian-icons.woff -> return as 404
confluence/s/en_GB/6441/7d28db648b08c18ff79fe305b2da56665a84a1fc/1.0.39/_/download/resources/com.atlassian.confluence.plugins.confluence-dashboard:confluence-dashboard-resources/assets/images/2.0/icon-comment-small.svg -> return as 404
On my old server, it works just fine and returns as 200.
My confluence version is Atlassian Confluence 5.10.4
My jira version is Atlassian JIRA Project Management Software (v7.2.1#72003-sha1:3448e6b)
I found your support ticket and it looks like you fixed the issue on the NGINX proxy. Are there any details you would like to share with the Community, to help the next person experiencing this issue?
Hi Ann,
Actually the problem is that my Content-policy header doesn't allow JIRA/Confluence to display inline scripts and for the font-src also, so mostly all the inline scripts + fonts files are not being loaded due to failed security policy on NGINX.
So next time if anyone wants to have Confluence/JIRA running behind a proxy like NGINX, please be aware of the content policy header (if has any specified).
But by allowing such a content to be loaded, it violates our security policy as well. Till now I don't find any reason how to eliminate inline-scripts
Thanks for reminding me on this question, Ann ;)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.