Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-40640

Add system property to allow for whitelisting domain(s) when clickjacking protection is disabled

    XMLWordPrintable

Details

    • 2
    • 5
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      Currently in Confluence Cloud it's possible to turn clickjacking protection off (with the confluence.clickjacking.protection.disable) if customers want to embed their Confluence pages in their own portal. This isn't very safe, so it would be good to have an additional property to allow for setting the X-FRAME-OPTIONS ALLOW-FROM <domain> header to whitelist just the customer's portal domain.

      Attachments

        Issue Links

          relates to

          Suggestion - CONFCLOUD-40640 Add system property to allow for whitelisting domain(s) when clickjacking protection is disabled

          • Gathering Interest
          mentioned in

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              nmason Nick Mason
              Votes:
              29 Vote for this issue
              Watchers:
              24 Start watching this issue

              Dates

                Created:
                Updated: