You're visiting the Confluence Knowledge Base. Visit the Confluence Knowledge Base Home for an overview.

Skip to end of metadata
Go to start of metadata


After upgrading Confluence from previous versions to 3.4 or above, javascript includes and HTML macros that reference external mechanisms fail.

Example codes:



This is caused by Tomcat not allowing 'include' script and applet URL references to prevent possible XSRF and session hijacking. External source references will be cause tomcat to redirect the request to the login page. This will cause a failure to load the URL specified in the src parameter.


Create a dedicated Apache HTTP server or new context within Tomcat (separate from Confluence), and use these to host the external javascript files or class jar files.


Edit the Tomcat server.xml file. Under the context attribute, remove the words:

Before removing this, please consider there are security implications as per this Tomcat bug report.

Help us improve!
Is this article helpful?
Is it well written?
Is the content complete?