Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-69034

Allow X-Frame-Options to be altered on JIRA CLOUD

    XMLWordPrintable

Details

    • 8
    • 25
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      Problem Definition

      User is unable to add their JIRA dashboards in an IFrame on an external website due to X-Frame being set to Same Origin

      Suggested Solution

      Site-admins to have the ability to modify the X-Frame settings.

      It would be nice to have an option to disable the X-Frame setting and also an option to whitelist domains using X-Frame-Options: ALLOW-FROM which will make the instance more secure than completely disabling it.

      Why this is important

      Some users are missing features like adding their JIRA dashboard to their own website because of this X-Frame setting. Some users might want to take the increased risk of their instance being used for ClickJacking as long as they can use their instance in an IFrame.
       

      Workaround 

      None

      Attachments

        Activity

          People

            Unassigned Unassigned
            shodson shane (Inactive)
            Votes:
            35 Vote for this issue
            Watchers:
            33 Start watching this issue

            Dates

              Created:
              Updated: