Assets object view failed to load Attributes, Connected Tickets, History tab

Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.

Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When viewing an object in Jira, Attributes, Connected Tickets and History sections related to the Object is displayed as blank as shown below

Environment

All JSM Versions deployed with HAProxy

Diagnosis

  1. Open the Browser Developer Tools (usually by pressing F12 or right-clicking the page and selecting "Inspect").
  2. Navigate to the "Console" tab.
  3. Access an Object in Jira UI and will observe the Attributes, Connected Tickets, History tab are not loading (showing as blank)
  4. Observe the error message in Console tab

    Refused to frame 'https://jira-url/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors jira-test01 *.jira-test02 *.jira-test03".

Cause

The root cause of this issue is that the Jira base URL is not included in the frame-ancestors directive within the Content Security Policy (CSP). 

In HAProxy, the frame-ancestors directive controls which sources are allowed to embed your content within an HTML <frame>, <iframe>, <embed>, or <object>. This is a critical security measure to prevent clickjacking attacks. If the Jira base URL is not listed in the frame-ancestors directive, the content will be blocked from displaying in iframes, leading to the issue observed.

Solution

To resolve this issue, request HAProxy administrator to add the Jira base URL to the frame-ancestors directive in the Content Security Policy configuration. This can be done by updating HAProxy Configuration using below command

http-response set-header Content-Security-Policy "frame-ancestors 'self' https://jira-url/ *.jira-test01 *.jira-test02 *.jira-test03;"

Ensure to take backup of HAProxy configuration before making changes

Once the HAProxy configuration is updated, reload the HAProxy service to apply the changes. After the configuration is updated, revisit the Jira UI and check if the Attributes, Connected Tickets, and History sections are now visible

Last modified on Aug 22, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.