[BAM-20788] Option to disable clickjacking protection in Bamboo

Type: Suggestion
Resolution: Fixed
Fix Version/s: 10.0.2
Component/s: Security
Labels:
None

UIS:
0
Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Problem Definition

Starting from Bamboo 5.14, X-FRAME-Option is enabled in HTTP response headers in order to provide clickjacking protection. There are instances when we need to disable this explicitly (like when application links break) and it is not easy to do this at this point of time.

Workaround

Explicitly update in web.xml file to disable this filter.

followed by

BAM-9336 Enable X-FRAME-Option in HTTP response headers in order to improve clickjacking protection

Closed

is resolved by

BAM-25907 Allow HTTP Strict Transport Security (HSTS) to be configured in Bamboo 10

Closed

mentioned in: Page Failed to load; Page Failed to load; Page Failed to load

Eduardo Alvarenga (Inactive) added a comment - 02/Oct/2024 4:48 AM

Please check How do I enable HSTS and other HTTP Security Headers in Bamboo Data Center after Bamboo 10.0.2 is released for further instructions.

Eduardo Alvarenga (Inactive) added a comment - 02/Oct/2024 4:48 AM Please check How do I enable HSTS and other HTTP Security Headers in Bamboo Data Center after Bamboo 10.0.2 is released for further instructions.

Ramesh Udari1 added a comment - 06/Apr/2021 6:35 AM

Any update on this ?

bamboo should provide provision like Jira and confluence to disable X-FRAME-Option .

Ramesh Udari1 added a comment - 06/Apr/2021 6:35 AM Any update on this ? bamboo should provide provision like Jira and confluence to disable X-FRAME-Option .

SPence added a comment - 21/Jun/2020 10:15 AM

How do you update the filter within the web.xml?

In order to use OpenClover it is stopping the reports from being viewed.

SPence added a comment - 21/Jun/2020 10:15 AM How do you update the filter within the web.xml? In order to use OpenClover it is stopping the reports from being viewed.

Assignee:: Eduardo Alvarenga (Inactive)

Reporter:: Jeyanthan I (Inactive)

Votes:: 2 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 22/Jan/2020 5:00 PM

Updated:: 08/Jan/2025 5:52 AM

Resolved:: 09/Oct/2024 12:43 PM

Details

Description

Problem Definition

Suggested Solution

Workaround

Attachments

Issue Links

Forms

Activity

Collapse comment: Eduardo Alvarenga (Inactive) added a comment - 02/Oct/2024 4:48 AM

Expand comment: Eduardo Alvarenga (Inactive) added a comment - 02/Oct/2024 4:48 AM

Collapse comment: Ramesh Udari1 added a comment - 06/Apr/2021 6:35 AM

Expand comment: Ramesh Udari1 added a comment - 06/Apr/2021 6:35 AM

Collapse comment: SPence added a comment - 21/Jun/2020 10:15 AM

Expand comment: SPence added a comment - 21/Jun/2020 10:15 AM

People

Dates