Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
0
-
Description
Problem Definition
Starting from Bamboo 5.14, X-FRAME-Option is enabled in HTTP response headers in order to provide clickjacking protection. There are instances when we need to disable this explicitly (like when application links break) and it is not easy to do this at this point of time.
Suggested Solution
Introduce an argument for JVM, so that we can disable like below (similar to Jira or Confluence):
JVM_SUPPORT_RECOMMENDED_ARGS="-Dcom.atlassian.bamboo.clickjacking.protection.disabled=true"
Workaround
Explicitly update in web.xml file to disable this filter.
Attachments
Issue Links
- followed by
-
BAM-9336 Enable X-FRAME-Option in HTTP response headers in order to improve clickjacking protection
- Closed