JIRA IssueCollector X-Frame-Origin problem

I am just trying to use a JIRA IssueCollector, the simplest basic configuration.

I done everything and I am testing it on a plain empty html page, integrated with a JS snippet.

The result is, that the slide button is displayed properly, but when I click on it, the popup is empty and in the JS console I can see that it is blocked by SameOrigin setting that is returned by JIRA.

The question is, why it is blocking two files that actually come from the same origin?

In Chrome I can see:

Refused to display 'https://<URL>/jira/rest/collectors/1.0/template/form/64f69fdd?os_authType=none' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

JIRA is behind proxy and is working fine for everything else... Anyone had this problem?

1 answer

1 accepted

1 vote
Accepted answer

Ok, I found the issue.

It turned out that the Apache that was proxying requests between the world and JIRA itself, had those lines:

Header set X-Content-Type-Options: "nosniff"
Header set X-XSS-Protection: "1; mode=block"
Header set X-Frame-Options: "sameorigin"

While it is generally good to have them, I had to make an exception rule for the JIRA issue collectors to works.

&lt;Location /jira&gt;
Header unset X-Frame-Options

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,092 views 4 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you