Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-95123

Knowledge base article cannot be displayed on the customer portal when JSM is integrated with Confluence 8.5.7+

XMLWordPrintable

      Issue Summary

      Knowledge base article cannot be displayed on the customer portal when JSM is integrated with Confluence 8.5.7+. When attempting to preview a Knowledge Base article you receive an error message in the iframe popup "<confluence site URL> refused to connect":

      Environment:

      • Any JSM Data Center version
      • Confluence Data Center on 8.5.7 or any higher version

      Note

      This issue only happens when Confluence is on 8.5.7.

      More information about the root cause in the KB article: https://confluence.atlassian.com/jirakb/kb-preview-is-failing-with-a-refused-to-frame-site-because-an-ancestor-violates-the-following-content-security-policy-directive-frame-ancestors-self-error-in-browser-s-console-1388151291.html

      Steps to Reproduce

      • Integrate JSM with Confluence to provide Customers with a knowledge base
      • Go to the customer portal and search for any KB article
      • Click on the article to open it in an iFrame on the customer portal

      Expected Results

      The article should be displayed:

      Actual Results

      The article is not displayed and we receive an error message in the iframe popup "<confluence site URL> refused to connect":

      Workaround

      1. Set the below JVM parameters (on all nodes if you are using multi-node DataCenter cluster) to add the below argument to your setting for allowing only the Jira host to view Confluence content in an iFrame (please change <JIRA hostname> with yours before applying configuration.); - See Configuring System Properties for more on setting System Properties.
        • If Jira is not running as a service and the JVM parameters are configured in the setenv.sh or the setenv.bat file, please add the row below: 
          CATALINA_OPTS="-Dhttp.header.security.content.security.policy.value=\"frame-ancestors 'self' <JIRA hostname>\" ${CATALINA_OPTS}"

      – If Jira is running as a Windows service, then you will need to add the Java Option below (without double quotes):

      -Dhttp.header.security.content.security.policy.value=frame-ancestors 'self' <JIRA hostname>
      1. Perform a rolling restart of Confluence

        1. ExpectedBehavior.png
          ExpectedBehavior.png
          70 kB
        2. ObservedBehavior.png
          ObservedBehavior.png
          20 kB

            [CONFSERVER-95123] Knowledge base article cannot be displayed on the customer portal when JSM is integrated with Confluence 8.5.7+

            Aakrity Tibrewal made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 966600 ]
            Niraj Bhawnani made changes -
            Labels Original: sec-escape security-escape New: sec-escape
            Niraj Bhawnani made changes -
            Labels Original: security-escape New: sec-escape security-escape
            Suat Kandiş made changes -
            Description Original: h3. Issue Summary

            Knowledge base article cannot be displayed on the customer portal when JSM is integrated with Confluence 8.5.7+. When attempting to preview a Knowledge Base article you receive an error message in the iframe popup "<confluence site URL> refused to connect":
            !ObservedBehavior.png|thumbnail!
            h3. Environment:
             - Any JSM Data Center version
             - Confluence Data Center on 8.5.7 or any higher version

            h3. Note

            This issue only happens when Confluence is on 8.5.7.

            More information about the root cause in the KB article: [https://confluence.atlassian.com/jirakb/kb-preview-is-failing-with-a-refused-to-frame-site-because-an-ancestor-violates-the-following-content-security-policy-directive-frame-ancestors-self-error-in-browser-s-console-1388151291.html]
            h3. Steps to Reproduce
             - Integrate JSM with Confluence to provide Customers with a knowledge base
             - Go to the customer portal and search for any KB article
             - Click on the article to open it in an iFrame on the customer portal

            h3. Expected Results

            The article should be displayed:
            !ExpectedBehavior.png|thumbnail!
            h3. Actual Results

            The article is not displayed and we receive an error message in the iframe popup "<confluence site URL> refused to connect":
            !ObservedBehavior.png|thumbnail!
            h3. Workaround
             # Set the below JVM parameters (on all nodes if you are using multi-node DataCenter cluster) to add the below argument to your setting for allowing only the Jira host to view Confluence content in an iFrame (please change <JIRA hostname> with yours before applying configuration.); - See [Configuring System Properties|https://confluence.atlassian.com/doc/configuring-system-properties-168002854.html] for more on setting System Properties.
             -- If Jira is not running as a service and the JVM parameters are configured in the setenv.sh or the setenv.bat file, please add the row below:
            {code:java}
            CATALINA_OPTS="-Dhttp.header.security.content.security.policy.value=\"frame-ancestors 'self' <JIRA hostname>\" ${CATALINA_OPTS}"
            {code}
             -- If Jira is running as a Windows service, then you will need to add the Java Option below (without double quotes):
            {code:java}
            -Dhttp.header.security.content.security.policy.value=frame-ancestors 'self' <JIRA hostname>
            {code}
             # Perform a rolling restart of Confluence             		New: h3. Issue Summary

            Knowledge base article cannot be displayed on the customer portal when JSM is integrated with Confluence 8.5.7+. When attempting to preview a Knowledge Base article you receive an error message in the iframe popup "<confluence site URL> refused to connect":
            !ObservedBehavior.png|thumbnail!
            h3. Environment:
             - Any JSM Data Center version
             - Confluence Data Center on 8.5.7 or any higher version

            h3. Note

            This issue only happens when Confluence is on 8.5.7.

            More information about the root cause in the KB article: [https://confluence.atlassian.com/jirakb/kb-preview-is-failing-with-a-refused-to-frame-site-because-an-ancestor-violates-the-following-content-security-policy-directive-frame-ancestors-self-error-in-browser-s-console-1388151291.html]
            h3. Steps to Reproduce
             - Integrate JSM with Confluence to provide Customers with a knowledge base
             - Go to the customer portal and search for any KB article
             - Click on the article to open it in an iFrame on the customer portal

            h3. Expected Results

            The article should be displayed:
            !ExpectedBehavior.png|thumbnail!
            h3. Actual Results

            The article is not displayed and we receive an error message in the iframe popup "<confluence site URL> refused to connect":
            !ObservedBehavior.png|thumbnail!
            h3. Workaround
             # Set the below JVM parameters (on all nodes if you are using multi-node DataCenter cluster) to add the below argument to your setting for allowing only the Jira host to view Confluence content in an iFrame (please change <JIRA hostname> with yours before applying configuration.); - See [Configuring System Properties|https://confluence.atlassian.com/doc/configuring-system-properties-168002854.html] for more on setting System Properties.
             -- If Jira is not running as a service and the JVM parameters are configured in the setenv.sh or the setenv.bat file, please add the row below:
            {code:java}
            CATALINA_OPTS="-Dhttp.header.security.content.security.policy.value=\"frame-ancestors 'self' <JIRA hostname>\" ${CATALINA_OPTS}"
            {code}

             -- If Jira is running as a Windows service, then you will need to add the Java Option below (without double quotes):
            {code:java}
            -Dhttp.header.security.content.security.policy.value=frame-ancestors 'self' <JIRA hostname>
            {code}

             # Perform a rolling restart of Confluence

            James Whitehead added a comment -

            A fix for this issue is available in Confluence Data Center 9.0.1.
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            James Whitehead added a comment - A fix for this issue is available in Confluence Data Center 9.0.1. Upgrade now or check out the Release Notes to see what other issues are resolved.
            James Whitehead made changes -
            Fix Version/s Original: 9.0.0 [ 106328 ]
            James Whitehead made changes -
            Fix Version/s New: 9.0.1 [ 108911 ]
            Archit Goyal made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 924017 ]
            Mohit Sharma made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 923855 ]

            James Whitehead added a comment -

            A fix for this issue is available in Confluence Server and Data Center 8.5.9.
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            James Whitehead added a comment - A fix for this issue is available in Confluence Server and Data Center 8.5.9. Upgrade now or check out the Release Notes to see what other issues are resolved.

              03cb0c04aa4f Irina Tiapchenko
              jrey Julien Rey
              Affected customers:
              30 This affects my team
              Watchers:
              44 Start watching this issue

                Created:
                Updated:
                Resolved: