
Option to disable clickjacking protection in Bamboo

    • Type: Suggestion
    • Resolution: Fixed
    • Fix Version/s: 10.0.2
    • Security
    • None
    • 0

      Problem Definition

      Starting from Bamboo 5.14, the X-Frame-Options header is enabled in HTTP responses in order to provide clickjacking protection. There are instances when we need to disable this explicitly (like when application links break), and it is not easy to do this at this point in time.

      Suggested Solution

      Introduce a JVM argument so that we can disable it as shown below (similar to Jira or Confluence):

      JVM_SUPPORT_RECOMMENDED_ARGS="-Dcom.atlassian.bamboo.clickjacking.protection.disabled=true"
      

      Workaround

      Explicitly update the web.xml file to disable this filter.
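
A post-change check for the two things this issue touches, the JVM flag and the framing header, as an added example that is not part of the issue or Atlassian's code. The property name is the one proposed above (the shipped fix may use a different one), and the setenv line and header sets are constructed samples.

```python
import re

# Property name as proposed in this issue; that the shipped fix uses
# exactly this name is an assumption.
FLAG = "com.atlassian.bamboo.clickjacking.protection.disabled"

# Constructed sample: the setenv line quoted in the issue.
SAMPLE_SETENV = 'JVM_SUPPORT_RECOMMENDED_ARGS="-D' + FLAG + '=true"'


def flag_disables_protection(jvm_args: str) -> bool:
    """True if any -D definition of the flag in the argument string is 'true'."""
    values = re.findall(r"-D" + re.escape(FLAG) + r"=([^\s\"']+)", jvm_args)
    return any(v.lower() == "true" for v in values)


def framing_restricted(headers: dict) -> bool:
    """True if the response headers restrict which origins may frame the page."""
    h = {k.lower(): v for k, v in headers.items()}
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # Browsers that support frame-ancestors let it take precedence
            # over X-Frame-Options, so it decides the result when present.
            return "*" not in parts[1:]
    # ALLOW-FROM is obsolete and ignored by current browsers, so only
    # DENY and SAMEORIGIN count as protection here.
    return h.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN")


def audit(jvm_args: str, headers: dict) -> list:
    """Collect findings for one instance: its JVM args and one sampled response."""
    findings = []
    if flag_disables_protection(jvm_args):
        findings.append("JVM flag disables clickjacking protection")
    if not framing_restricted(headers):
        findings.append("response can be framed by any origin")
    return findings


if __name__ == "__main__":
    # Constructed header sets: protection on, then protection off.
    print(audit("", {"X-Frame-Options": "SAMEORIGIN"}))
    print(audit(SAMPLE_SETENV, {"Content-Type": "text/html"}))
```
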

            [BAM-20788] Option to disable clickjacking protection in Bamboo

            Eduardo Alvarenga (Inactive) made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 974704 ]
            Eduardo Alvarenga (Inactive) made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 953775 ]
            Krzysztof Podsiadło made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Waiting for Release [ 12075 ] New: Closed [ 6 ]
            Eduardo Alvarenga (Inactive) made changes -
            Fix Version/s New: 10.0.2 [ 109691 ]
            Eduardo Alvarenga (Inactive) made changes -
            Status Original: In Progress [ 3 ] New: Waiting for Release [ 12075 ]
            Eduardo Alvarenga (Inactive) made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 951980 ]
            Eduardo Alvarenga (Inactive) made changes -
            Status Original: Gathering Interest [ 11772 ] New: In Progress [ 3 ]
            Eduardo Alvarenga (Inactive) made changes -
            Link New: This issue is resolved by BAM-25907 [ BAM-25907 ]
            Eduardo Alvarenga (Inactive) made changes -
            Assignee New: Eduardo Alvarenga [ 73868399605e ]
            SET Analytics Bot made changes -
            UIS Original: 3 New: 0

              73868399605e Eduardo Alvarenga (Inactive)
              jinbasekaran Jeyanthan I (Inactive)
              Votes: 2
              Watchers: 4
