Bamboo fails to add a new repository with an "endless spinning wheel" animation

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When adding a repository in Bamboo, after submitting the changes, Bamboo will not refresh the page and will hang with an "endless spinning wheel" animation such as:

Environment

Bamboo 7, 8

Diagnosis

The browser is not receiving or is ignoring the response from the server after the POST

This KB is not the solution to the following BUG:

BAM-21541 - Getting issue details... STATUS

Though both share similar symptoms, the issues are different.


Cause

After submitting a new repository creation, Bamboo sends a response to the browser containing an Inline Frame element (iframe). That response is being blocked or explicitly disabled by an X-Frame-Options: DENY header injected by the Reverse Proxy or Load Balancer.

That can be confirmed after generating a HAR file and checking for the response data:

In the example below, notice that the Reverse proxy duplicates some headers and also adds an X-Frame-Options: DENY on top of Bamboo's default X-Frame-Options: SAMEORIGIN

content-encoding gzip
content-language en-US
content-type text/html;charset=UTF-8
date Fri, 24 Jun 2022 08:13:17 GMT
server nginx/1.20.1
strict-transport-security max-age=31536000
vary Accept-Encoding
x-content-type-options nosniff
x-content-type-options nosniff
x-frame-options SAMEORIGIN
x-frame-options DENY
x-seraph-loginreason OK
x-xss-protection 1; mode=block


Solution

Starting from Bamboo 5.14, X-Frame-Options: SAMEORIGIN is enabled by default in HTTP response headers in order to provide ClickJacking protection

Work with the Infrastructure team to either remove any ClickJacking protection on your Reverse Proxy/Load Balancer. Alternatively, if the X-Frame-Options header can't be removed, forcibly set it as SAMEORIGIN for the Bamboo URL.



Last modified on Jun 30, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.