[CONFCLOUD-40640] Add system property to allow for whitelisting domain(s) when clickjacking protection is disabled

Type: Suggestion
Resolution: Unresolved
Component/s: None
Labels:

Support reference count:
6
Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

Currently in Confluence Cloud it's possible to turn clickjacking protection off (with the confluence.clickjacking.protection.disable) if customers want to embed their Confluence pages in their own portal. This isn't very safe, so it would be good to have an additional property to allow for setting the X-FRAME-OPTIONS ALLOW-FROM <domain> header to whitelist just the customer's portal domain.

is related to

CONFSERVER-40640 Add system property to allow for whitelisting domain(s) when clickjacking protection is disabled

Closed

Form Name

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: Nick Mason

Votes:: 13 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 02/Feb/2016 12:18 AM

Updated:: 28/Aug/2020 7:38 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates