Problem

The content of the Insight widget is not showing 

Diagnosis

Environment

• This happens on Jira integrated with Confluence and each on different domain. For example, https://myjira.com and https://myconfluence.com. 

Diagnostic Steps

• If you bring up the browser's developer tools and switch to the Console tab, there are errors as shown in the screenshot above.

  Refused to frame '<Jira_base_URL>' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
  
  Failed to load resource: the server responded with a status of 401 ()

Cause

There are security headers blocking the widget content to be loaded as explained here - Security Headers in Jira

Resolution

Following this KB about security headers in Jira, one of the solutions is to exclude some paths. Here are the steps and the list of paths to be excluded specifically for this issue.

1. Follow Setting properties and options on startup to determine the file to be edited.
2. These paths shall be excluded for the widget content to be loaded. There's also an example of how the argument looks like in setenv.bat or setenv.sh.
   1. /rest/gadgets/1.0/
   2. /rest/insight/1.0/

   3. /rest/insight-widgets/

      JVM_SUPPORT_RECOMMENDED_ARGS="-Dcom.atlassian.jira.clickjacking.protection.exclude=/rest/gadgets/1.0/,/rest/insight/1.0/,/rest/insight-widgets/"

3. Restart Jira for the changes to be applied.
4. Refresh the Confluence page to load the widget once Jira is back online.