Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-69034

Allow X-Frame-Options to be altered on JIRA CLOUD

XMLWordPrintable

    • 22
    • 59

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      User is unable to add their JIRA dashboards in an IFrame on an external website due to X-Frame being set to Same Origin

      Suggested Solution

      Site-admins to have the ability to modify the X-Frame settings.

      It would be nice to have an option to disable the X-Frame setting and also an option to whitelist domains using X-Frame-Options: ALLOW-FROM which will make the instance more secure than completely disabling it.

      Why this is important

      Some users are missing features like adding their JIRA dashboard to their own website because of this X-Frame setting. Some users might want to take the increased risk of their instance being used for ClickJacking as long as they can use their instance in an IFrame.
       

      Workaround 

      None

              Unassigned Unassigned
              shodson shane (Inactive)
              Votes:
              92 Vote for this issue
              Watchers:
              76 Start watching this issue

                Created:
                Updated: