Uploaded image for project: 'HipChat'
  1. HipChat
  2. HCPUB-29260

HipChat app glances don't load when using JIRA-HipChat integration

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

    XMLWordPrintable

Details

    • Severity 3 - Minor

    Description

      Summary

      HipChat glances using the HipChat desktop apps will not load and fail with 'Can't load Try Again'. This happens as well with the web app in Chrome and Firefox, but can be mitigated by a workaround (see below).

      A related issue is also after clicking the 'Configure JIRA' link in the glance sidebar in the app, the CONFIGURE pane for the JIRA integration in the HipChat web UI is blank and no options are shown.

      Environment

      • HipChat Server v2.x
      • JIRA Server 7.6+ (Configured to use SSL)

      Steps to Reproduce

      1. In JIRA, setup the HipChat integration to connect to your HipChat Server.
      2. Add a room to receive a notification.
      3. Once completed, load up any one of the clients, navigate to the room with the integration and open the sidebar. Click 'Configure JIRA'.
      4. Your default browser should load and load the HipChat web UI Integrations page where the 'CONFIGURE' page is blank.

      Expected Results

      The CONFIGURE page should load the Glance options to configure. Once these are options are configured, any JIRA issues queried by the HipChat app should show in the glance sidebar.

      Actual Results

      No options are shown

      Description of Issue

      In an effort to prevent clickjacking, JIRA 7.6+ adds the X-Frame-Options and Content-Security-Policy security headers to each HTTP response. The headers block the content from being embedded in iframes, which might also affect pages that you actually wanted to be displayed this way (i.e. Glances).

      This affects both SSL and non-SSL connections from HC -> JIRA back to HC. The clickjacking feature (explained in the document Security headers in JIRA is what is causing the blank load pages.

      Notes

      SSL needs to be configured on the JIRA instance for this glance to load once the workaround is applied.

      Workaround

      This will disable JIRA's clickjacking protection, please check with your internal security team before applying.

      1. Follow the 'Disabling security headers' section on the knowledge base article titled Security headers in JIRA.
      2. Once the 'setenv.sh' (Linux) or 'setenv.bat' (Windows) is updated with the correct argument, please restart JIRA. You should now see the disable clickjacking JVM arguments for JIRA.
      3. The glance 'configuration' should load and after setup, it should load in the browser / desktop clients.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. HCPUB-2102 JIRA Glances show can't load message from HipChat Desktop Apps

          • High - High priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              dmaye@atlassian.com David Maye
              Archiver:
              mandreacchio Michael Andreacchio

              Dates

                Created:
                Updated:
                Resolved:
                Archived: