Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-40640

Add system property to allow for whitelisting domain(s) when clickjacking protection is disabled

XMLWordPrintable

    • 6

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      Currently in Confluence Cloud it's possible to turn clickjacking protection off (with the confluence.clickjacking.protection.disable) if customers want to embed their Confluence pages in their own portal. This isn't very safe, so it would be good to have an additional property to allow for setting the X-FRAME-OPTIONS ALLOW-FROM <domain> header to whitelist just the customer's portal domain.

          Form Name

            [CONFCLOUD-40640] Add system property to allow for whitelisting domain(s) when clickjacking protection is disabled

            Ajay Upadhyaya added a comment -

            +1 for this ticket. We have few customers who use our add on Gilly/EduBrite to add Learning content in confluence, which is no issue. But this enhancement is needed by them to reuse confluence content in the Course (as an iframe) they create in our system. A related request is to also allow a way to turn off header/footer/navigation using CSS or some other way when the confluence page isn't the top level window (embedded as iframe). This was possible in Confluence Server using the custom html code.

            Ajay Upadhyaya added a comment - +1 for this ticket. We have few customers who use our add on Gilly/EduBrite to add Learning content in confluence, which is no issue. But this enhancement is needed by them to reuse confluence content in the Course (as an iframe) they create in our system. A related request is to also allow a way to turn off header/footer/navigation using CSS or some other way when the confluence page isn't the top level window (embedded as iframe). This was possible in Confluence Server using the custom html code.

              Unassigned Unassigned
              nmason Nick Mason
              Votes:
              13 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: