Embedding the iFrame Timeline view from a Jira plan doesn't work in external sites due to the x-frame-options: SAMEORIGIN header

XMLWordPrintable

    • 2
    • Severity 3 - Minor

      Issue Summary

      As per this document Embed your plan using an iFrame, it is possible to share a Jira plan timeline view using an iframe and embed it on any site as long as the permissions are correct for the person loading the view (is logged in with an Atlassian account that has the correct permissions)

      Still, since the response has the x-frame-options: SAMEORIGIN header, the content doesn't load in external sites that are not the same Cloud instance.

      This affects third party gadgets that load HTML or iFrame content since the request come from external URLs

      Steps to Reproduce

      1. Install a third party add-on that can load iFrames in dashboard gadgets for example
      2. Try to load the Timeline iFrame
      3. The request is rejected

      Expected Results

      The content should load

      Actual Results

      • The request is rejected

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

            Assignee:
            Kishor J
            Reporter:
            Jorge H
            Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: