Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-40640

Add system property to allow for whitelisting domain(s) when clickjacking protection is disabled

XMLWordPrintable

    • 6

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      Currently in Confluence Cloud it's possible to turn clickjacking protection off (with the confluence.clickjacking.protection.disable) if customers want to embed their Confluence pages in their own portal. This isn't very safe, so it would be good to have an additional property to allow for setting the X-FRAME-OPTIONS ALLOW-FROM <domain> header to whitelist just the customer's portal domain.

          Form Name

            [CONFCLOUD-40640] Add system property to allow for whitelisting domain(s) when clickjacking protection is disabled

            Security Metrics Bot made changes -
            Labels Original: no-cvss-required security New: dmb-legacy-jac-none no-cvss-required security
            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3429492 ] New: JAC Suggestion Workflow 3 [ 3613201 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Confluence Workflow - Public Facing v3 [ 2238394 ] New: JAC Suggestion Workflow [ 3429492 ]
            Status Original: Needs Verification [ 10004 ] New: Gathering Interest [ 11772 ]
            SET Analytics Bot made changes -
            Support reference count New: 6
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing v3 - TEMP [ 2132993 ] New: Confluence Workflow - Public Facing v3 [ 2238394 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing v3 [ 1896489 ] New: Confluence Workflow - Public Facing v3 - TEMP [ 2132993 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing v2 [ 1820079 ] New: Confluence Workflow - Public Facing v3 [ 1896489 ]
            jonah (Inactive) made changes -
            Description Original: Currently in Confluence Cloud it's possible to turn clickjacking protection off (with the {{confluence.clickjacking.protection.disable}}) if customers want to embed their Confluence pages in their own portal. This isn't very safe, so it would be good to have an additional property to allow for setting the {{X-FRAME-OPTIONS ALLOW-FROM <domain>}} header to whitelist just the customer's portal domain. New: {panel:bgColor=#e7f4fa}
              *NOTE:* This suggestion is for *Confluence Cloud*. Using *Confluence Server*? [See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-40640].
              {panel}

            Currently in Confluence Cloud it's possible to turn clickjacking protection off (with the {{confluence.clickjacking.protection.disable}}) if customers want to embed their Confluence pages in their own portal. This isn't very safe, so it would be good to have an additional property to allow for setting the {{X-FRAME-OPTIONS ALLOW-FROM <domain>}} header to whitelist just the customer's portal domain.
            jonah (Inactive) made changes -
            Link New: This issue is related to CONFSERVER-40640 [ CONFSERVER-40640 ]
            vkharisma made changes -
            Project Import New: Sat Apr 01 14:06:06 UTC 2017 [ 1491055566265 ]

              Unassigned Unassigned
              nmason Nick Mason
              Votes:
              13 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: