Attachments no Longer Open in Browser Users are Prompted to Download
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
After upgrading to Confluence version 5.1 or newer, attachments files are no longer opening in the browser itself, users are being prompted for download.
Cause
The current behavior (Confluence not allowing attachments to be opened in the browser) is a side effect of a security improvement added to the product. As attachments can be "active content", the behavior in Confluence will not be reverted.
Workaround
1. Click on cog at the Confluence header and choose "Confluence Admin"
2. Under "Users & Security" choose "Security Configuration".
3. Click any of the "Edit" buttons on the page and find the "Attachment Download Security Policy" section.
4. Select the "Insecure: Display all attachments inline" option and click "Save".
Was this helpful?