Since the latest update to 1.551 none of our jenkins URLS are displayed in our JIRA Wallboard (using custom web page Gadget). The portion of the Wallboard is simply blank. Technically the JARI gagdet only inserts the pages by using an iframe. The URL is correct, but the page ist not displayed due to an HTML Option added in 1.551:
<st:header name="X-Frame-Options" value="sameorigin" />
Release Notes of 1.551:
SECURITY-80 is resaponsible for the change
This is the commit which introduced the new behaviour:
Yes the changes enhance the security, but both our JIRA and our JENKINS access is limited to our company LAN.
So we would recommend to add a security configuration setting for this to allow the usage of the jenkins pages within other Pages (e.g. JIRA Wallboards).
- duplicates
JENKINS-21881 Make X-Frame-Options configurable
- Resolved
[JENKINS-21842] Need a way to permit Jenkins to be visible in selected iframes
Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Status | Original: In Progress [ 3 ] | New: Open [ 1 ] |
Link | New: This issue is blocking SECURITY-80 [ SECURITY-80 ] |
Maybe in can be done like in the xframe-filter-plugin, what does the same as the change for SECURITY-80, but with configuration option.
See here for details: