Assets object view failed to load Attributes, Connected Tickets, History tab

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When viewing an object in Jira, Attributes, Connected Tickets and History sections related to the Object are blank.

Environment

All JSM Versions deployed with HAProxy

Diagnosis

  1. Open the Browser Developer Tools (usually by pressing F12 or right-clicking the page and selecting "Inspect").

  2. Navigate to the "Console" tab.

  3. Access an Object in Jira UI and will observe the Attributes, Connected Tickets, History tab are not loading (showing as blank)

  4. Observe the error message in Console tab

    1 Refused to frame 'https://jira-url/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors jira-test01 *.jira-test02 *.jira-test03".

Cause

The root cause of this issue is that the Jira base URL is not included in the frame-ancestors directive within the Content Security Policy (CSP).

In HAProxy, the frame-ancestors directive controls which sources are allowed to embed your content within an HTML <frame>, <iframe>, <embed>, or <object>. This is a critical security measure to prevent clickjacking attacks. If the Jira base URL is not listed in the frame-ancestors directive, the content will be blocked from displaying in iframes, leading to the issue observed.

Solution

To resolve this issue, request HAProxy administrator to add the Jira base URL to the frame-ancestors directive in the Content Security Policy configuration. This can be done by updating HAProxy Configuration using below command

1 http-response set-header Content-Security-Policy "frame-ancestors 'self' https://jira-url/ *.jira-test01 *.jira-test02 *.jira-test03;"

Ensure to take backup of HAProxy configuration before making changes

Once the HAProxy configuration is updated, reload the HAProxy service to apply the changes. After the configuration is updated, revisit the Jira UI and check if the Attributes, Connected Tickets, and History sections are now visible

Updated on March 17, 2025
Platform
Data Center only
Product
Jira Service Management Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community