  1. Jira Server and Data Center
  2. JRASERVER-63038

Activity Stream Gadget does not load when HSTS is enabled

    Details

      Description

      Summary

      1. The Activity Stream gadget is blank when HSTS is enabled.
      2. We currently do not have official Atlassian documentation for integrating HSTS, but the setup described at http://stackoverflow.com/questions/27541755/add-hsts-feature-to-tomcat can be followed.

      Steps to Reproduce

      1. Stop JIRA
      2. Edit the JIRA_INSTALL/conf/web.xml file
      3. Add the following snippet:
        <filter>
        	<filter-name>httpHeaderSecurity</filter-name>
        	<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        	<init-param>
        		<param-name>hstsMaxAgeSeconds</param-name>
        		<param-value>63072000</param-value>
        	</init-param>
        	<async-supported>true</async-supported>
        </filter>
        <filter-mapping>
        	<filter-name>httpHeaderSecurity</filter-name>
        	<url-pattern>/*</url-pattern>
        	<dispatcher>REQUEST</dispatcher>
        </filter-mapping>
        
      4. Start JIRA

      Expected Results

      Activity Stream should work as expected.

      Actual Results

      Activity Stream will display blank.

      The following errors appear in the browser's developer console:

      Refused to display 'http://localhost:8722/jira722/plugins/servlet/gadgets/ifr?container=atlassi…t%2Fgadgets%2Factivitystream-gadget.xml&libs=auth-refresh#rpctoken=2715915' in a frame because it set 'X-Frame-Options' to 'DENY'.
      batch.js?atlassian.aui.raphael.disabled=true&locale=en-US:7287 Uncaught DOMException: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "http://localhost:8722" from accessing a cross-origin frame.(…)
       

      Notes

      A feature request for documentation on integrating JIRA with HSTS has been raised at https://jira.atlassian.com/browse/JRA-46150
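
The `X-Frame-Options: DENY` in the console error is a default of Tomcat's `HttpHeaderSecurityFilter`, not of HSTS: the filter turns on `antiClickJackingEnabled` with `antiClickJackingOption` set to `DENY` unless configured otherwise. The variant below is an added example, not part of the original report and not an Atlassian-documented fix; it assumes the gadget iframes are served from the same origin as the Jira pages that embed them, and keeps HSTS while relaxing the framing policy to `SAMEORIGIN`.

```xml
<!-- Added example, not from the original report.
     Assumption: gadget iframes and the pages embedding them share one origin. -->
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>

    <!-- HSTS: hstsEnabled defaults to true, so only the max-age needs setting.
         The filter sends Strict-Transport-Security on secure (HTTPS) requests only. -->
    <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>63072000</param-value>
    </init-param>

    <!-- Anti-clickjacking stays enabled (antiClickJackingEnabled defaults to true),
         but the default option DENY, which blocks even same-origin gadget frames,
         is replaced with SAMEORIGIN. -->
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>

    <async-supported>true</async-supported>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
```

After a restart, the response headers of the `/plugins/servlet/gadgets/ifr` request in the browser's network tab show which `X-Frame-Options` value is actually being sent.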

              People

              Assignee: Unassigned
              Reporter: astephen@atlassian.com Adrian
              Votes: 12
              Watchers: 17
