Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-40640

Add system property to allow for whitelisting domain(s) when clickjacking protection is disabled

    XMLWordPrintable

Details

    • 6

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      Currently in Confluence Cloud it's possible to turn clickjacking protection off (with the confluence.clickjacking.protection.disable) if customers want to embed their Confluence pages in their own portal. This isn't very safe, so it would be good to have an additional property to allow for setting the X-FRAME-OPTIONS ALLOW-FROM <domain> header to whitelist just the customer's portal domain.

      Attachments

        Issue Links

          is related to

          Suggestion - CONFSERVER-40640 Add system property to allow for whitelisting domain(s) when clickjacking protection is disabled

          • Gathering Interest

          Activity

            People

              Unassigned Unassigned
              nmason Nick Mason
              Votes:
              13 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated: