Since the latest update to 1.551 none of our jenkins URLS are displayed in our JIRA Wallboard (using custom web page Gadget). The portion of the Wallboard is simply blank. Technically the JARI gagdet only inserts the pages by using an iframe. The URL is correct, but the page ist not displayed due to an HTML Option added in 1.551:
{{{
<st:header name="X-Frame-Options" value="sameorigin" />
}}}
Release Notes of 1.551:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
SECURITY-80 is resaponsible for the change
This is the commit which introduced the new behaviour:
https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6
Yes the changes enhance the security, but both our JIRA and our JENKINS access is limited to our company LAN.
So we would recommend to add a security configuration setting for this to allow the usage of the jenkins pages within other Pages (e.g. JIRA Wallboards).
- duplicates
-
JENKINS-21881 Make X-Frame-Options configurable
- Resolved