HTML Macros Fail after Upgrading to 3.4 or Later Due to External URL References to Local Resources
症状
After upgrading Confluence from previous versions to 3.4 or above, javascript includes and HTML macros that reference external mechanisms fail.
Example codes:
{html}
<script src=http://<server base URL>/download/attachments/xxxxxx/">
{html}
または
{html}
<applet
width=300
height=600
archive="xxxx.jar,
code="com.atlassian.someclass.class"
codebase="http://<server base URL>/download/attachments/xxxxxx/">
.....
</applet>
{html}
原因
This is caused by Tomcat not allowing 'include' script and applet URL references to prevent possible XSRF and session hijacking. External source references will be cause tomcat to redirect the request to the login page. This will cause a failure to load the URL specified in the src parameter.
回避策
Create a dedicated Apache HTTP server or new context within Tomcat (separate from Confluence), and use these to host the external javascript files or class jar files.
ソリューション
Edit the Tomcat server.xml file. Under the context attribute, remove the words:
useHttpOnly="true"
Before removing this, please consider there are security implications as per this Tomcat bug report.