Assets object view failed to load Attributes, Connected Tickets, History tab
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When viewing an object in Jira, the Attributes, Connected Tickets and History sections of the object are displayed as blank.
Environment
All JSM Versions deployed with HAProxy
Diagnosis
- Open the Browser Developer Tools (usually by pressing F12 or right-clicking the page and selecting "Inspect").
- Navigate to the "Console" tab.
- Access an object in the Jira UI and observe that the Attributes, Connected Tickets and History tabs do not load (they show as blank).
Observe the error message in the Console tab:
Refused to frame 'https://jira-url/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors jira-test01 *.jira-test02 *.jira-test03".
Cause
The root cause of this issue is that the Jira base URL is not included in the frame-ancestors directive within the Content Security Policy (CSP).
In the Content-Security-Policy header set by HAProxy, the frame-ancestors directive controls which sources are allowed to embed your content within an HTML <frame>, <iframe>, <embed>, or <object>. This is a critical security measure to prevent clickjacking attacks. If the Jira base URL is not listed in the frame-ancestors directive, the content will be blocked from displaying in iframes, leading to the issue observed.
Solution
To resolve this issue, ask the HAProxy administrator to add the Jira base URL to the frame-ancestors directive in the Content Security Policy configuration. This can be done by updating the HAProxy configuration with the following line:
http-response set-header Content-Security-Policy "frame-ancestors 'self' https://jira-url/ *.jira-test01 *.jira-test02 *.jira-test03;"
Take a backup of the HAProxy configuration before making changes.
Once the HAProxy configuration is updated, reload the HAProxy service to apply the changes. Then revisit the Jira UI and check that the Attributes, Connected Tickets, and History sections are now visible.
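To check a frame-ancestors value before it goes into HAProxy, the added example below (not Atlassian's code) parses a Content-Security-Policy header and tests whether a given ancestor origin is allowed to frame the page. It uses the two header values shown in this article; the function names are hypothetical and the source matching is a simplification of the CSP rules (ports and paths are ignored).

```python
from urllib.parse import urlsplit

# Header values taken from this article: the policy quoted in the console
# error, and the policy from the Solution section.
BEFORE = "frame-ancestors jira-test01 *.jira-test02 *.jira-test03"
AFTER = ("frame-ancestors 'self' https://jira-url/ "
         "*.jira-test01 *.jira-test02 *.jira-test03;")

def frame_ancestors(csp):
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None

def source_matches(source, ancestor, self_origin):
    """Simplified CSP matching: ports/paths ignored, scheme-less hosts match any scheme."""
    a, s = urlsplit(ancestor), source.lower()
    if s == "'none'":
        return False
    if s == "'self'":
        me = urlsplit(self_origin)
        return (a.scheme, a.hostname) == (me.scheme, me.hostname)
    if s == "*":
        return a.scheme in ("http", "https")
    if s.endswith(":"):                       # scheme-source, e.g. "https:"
        return a.scheme == s[:-1]
    scheme, _, rest = s.rpartition("://")     # host-source
    host = rest.split("/")[0].split(":")[0]
    if scheme and scheme != a.scheme:
        return False
    if host.startswith("*."):                 # wildcard covers subdomains only
        return a.hostname.endswith(host[1:])
    return a.hostname == host

def can_frame(csp, ancestor, self_origin):
    """True if `ancestor` may embed a page served with this CSP header."""
    sources = frame_ancestors(csp)
    if sources is None:
        return True                           # directive absent: no restriction
    return any(source_matches(s, ancestor, self_origin) for s in sources)

if __name__ == "__main__":
    base = "https://jira-url"                 # placeholder base URL from the article
    print("before fix:", can_frame(BEFORE, base, base))
    print("after fix: ", can_frame(AFTER, base, base))
```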