-
Suggestion
-
Resolution: Fixed
-
None
-
2
-
5
-
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
Currently in Confluence Cloud it's possible to turn clickjacking protection off (with the confluence.clickjacking.protection.disable) if customers want to embed their Confluence pages in their own portal. This isn't very safe, so it would be good to have an additional property to allow for setting the X-FRAME-OPTIONS ALLOW-FROM <domain> header to whitelist just the customer's portal domain.
- relates to
-
CONFCLOUD-40640 Add system property to allow for whitelisting domain(s) when clickjacking protection is disabled
- Gathering Interest
- mentioned in
-
Page Failed to load
A fix for this issue is available in Confluence Data Center 9.0.1.
Upgrade now or check out the Release Notes to see what other issues are resolved.