I am just trying to use a JIRA IssueCollector, the simplest basic configuration.
I done everything and I am testing it on a plain empty html page, integrated with a JS snippet.
The result is, that the slide button is displayed properly, but when I click on it, the popup is empty and in the JS console I can see that it is blocked by SameOrigin setting that is returned by JIRA.
The question is, why it is blocking two files that actually come from the same origin?
In Chrome I can see:
Refused to display 'https://<URL>/jira/rest/collectors/1.0/template/form/64f69fdd?os_authType=none' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
JIRA is behind proxy and is working fine for everything else... Anyone had this problem?
Ok, I found the issue.
It turned out that the Apache that was proxying requests between the world and JIRA itself, had those lines:
Header set X-Content-Type-Options: "nosniff" Header set X-XSS-Protection: "1; mode=block" Header set X-Frame-Options: "sameorigin"
While it is generally good to have them, I had to make an exception rule for the JIRA issue collectors to works.
<Location /jira> Header unset X-Frame-Options </Location>
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot