Bamboo fails to add a new repository with an "endless spinning wheel" animation
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When adding a repository in Bamboo, after submitting the changes, Bamboo will not refresh the page and will hang with an "endless spinning wheel" animation.
Environment
Bamboo 7, 8
Diagnosis
The browser is not receiving, or is ignoring, the response from the server after the POST.
This KB is not the solution to the following bug:
BAM-21541 - Add Repository from a Plan fails when there are thousands of repositories in DB which is fixed in 8.1.2, 8.2.0
Though both share similar symptoms, the issues are different.
Cause
After submitting a new repository creation, Bamboo sends a response to the browser containing an Inline Frame element (iframe). That response is being blocked or explicitly disabled by an X-Frame-Options: DENY header injected by the Reverse Proxy or Load Balancer.
That can be confirmed by generating a HAR file and checking the response data.
In the example below, notice that the reverse proxy duplicates some headers and also adds an X-Frame-Options: DENY on top of Bamboo's default X-Frame-Options: SAMEORIGIN:
content-encoding gzip
content-language en-US
content-type text/html;charset=UTF-8
date Fri, 24 Jun 2022 08:13:17 GMT
server nginx/1.20.1
strict-transport-security max-age=31536000
vary Accept-Encoding
x-content-type-options nosniff
x-content-type-options nosniff
x-frame-options SAMEORIGIN
x-frame-options DENY
x-seraph-loginreason OK
x-xss-protection 1; mode=block
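The check described above can be automated over a whole HAR capture. The script below is an added example, not Atlassian's code: it walks the standard HAR layout (log.entries[].response.headers[]) and reports responses whose X-Frame-Options is duplicated, conflicting, or DENY. The sample HAR and its URLs are constructed placeholders; the function names are hypothetical.

```python
import json
import sys

# Constructed HAR fragment; URLs are placeholders, header values mirror the listing above.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "POST", "url": "https://bamboo.example.com/placeholder-add-repository"},
     "response": {"status": 200, "headers": [
         {"name": "x-content-type-options", "value": "nosniff"},
         {"name": "x-frame-options", "value": "SAMEORIGIN"},
         {"name": "x-frame-options", "value": "DENY"}]}},
    {"request": {"method": "GET", "url": "https://bamboo.example.com/placeholder-page"},
     "response": {"status": 200, "headers": [
         {"name": "X-Frame-Options", "value": "SAMEORIGIN"}]}},
]}})


def xfo_values(headers):
    """Collect every X-Frame-Options value, splitting comma-folded duplicates."""
    values = []
    for h in headers:
        if h.get("name", "").lower() == "x-frame-options":
            values += [v.strip().upper() for v in h.get("value", "").split(",") if v.strip()]
    return values


def classify(values):
    """Return a reason string, or None for a single value other than DENY or no header."""
    if len(set(values)) > 1:
        return "conflicting values"
    if len(values) > 1:
        return "duplicated header"
    if values == ["DENY"]:
        return "DENY"
    return None


def find_xfo_problems(har_text):
    """Return (method, url, values, reason) for each response worth raising with the proxy owner."""
    findings = []
    for entry in json.loads(har_text)["log"]["entries"]:
        values = xfo_values(entry["response"].get("headers", []))
        reason = classify(values)
        if reason:
            findings.append((entry["request"]["method"], entry["request"]["url"], values, reason))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_HAR
    for method, url, values, reason in find_xfo_problems(text):
        print(f"{method} {url}: X-Frame-Options={values} ({reason})")
```

Run it with the path to an exported HAR file as the only argument; without an argument it runs against the constructed sample.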
Solution
Starting from Bamboo 5.14, X-Frame-Options: SAMEORIGIN is enabled by default in HTTP response headers to provide clickjacking protection.
Work with the Infrastructure team to remove any clickjacking protection on your Reverse Proxy/Load Balancer; Bamboo's own X-Frame-Options: SAMEORIGIN header still applies. Alternatively, if the X-Frame-Options header can't be removed, forcibly set it to SAMEORIGIN for the Bamboo URL.