Having visibility and control over the external systems that your app communicates and shares data with helps maintain the security of your app and your app users.
To achieve this, we require you to add permissions in order to share data with external resources and to use custom Content Security Policies (CSP).
When using the Forge platform, you need to disclose the endpoints that your app will be sending data to and receiving data from. This covers actions performed on the frontend of your custom UI app, for example, sending analytics payloads or loading images from a third-party website.
To disclose these endpoints, you need to include new entries in the section of the file of your app.
For example, to include images from a third-party website (for example, ), use the following configuration:
```yaml
permissions:
  external:
    images:
      - '*.giphy.com'
```
By default, Atlassian blocks any policies that are considered unsafe for your custom UI app. To include items, such as , you need to declare these items in the file of your app. You can do this by including new entries in the section of the file.
For example, to allow inline CSS in our app, use the following configuration:
```yaml
permissions:
  content:
    styles:
      - 'unsafe-inline'
```
You must define the new entries in the file before you deploy the app. See Permissions to know how to define these new entries in both and sections.
Note, modifying these entries may result in a major version upgrade of your app. Your app users may again be required to agree to the permissions of your app. See the Upgrade the app section below for more details.
In the section, add and remove and entries as needed.
For example, add the unsafe-inline style CSP, and *.giphy.com for the images.
```yaml
permissions:
  content:
    styles:
      - 'unsafe-inline'
  external:
    images:
      - '*.giphy.com'
```
In the file of your custom UI app, you can now leverage the new configuration:
```html
<html>
  <body>
    <p style="color: blue; font-size: 46px;">Hello world!</p>
    <img src="https://media1.giphy.com/media/d2jioMTLON9bDogE/giphy.gif" />
  </body>
</html>
```
In the above example, we're using to modify our style, as well as include an from a third-party website.
Run the command to reflect these changes in your app.
You can use the command to help detect any invalid entries in the permissions of your app. For example, Atlassian supports a limited number of external URL formats. If an invalid URL format is detected in your app permissions, the linter highlights the invalid URL and recommends a fix, as shown in the example below:
```
/Users/agrant/my-apps/hello-world-app/manifest.yml
38:11  error  Invalid 'external.fetch.client' permission in the manifest.yml file - 'https://example.com?test=key'. Learn more about permissions at: http://go.atlassian.com/forge-permissions.  valid-permissions-required
```
After fixing the URL, run to deploy the changes. Note, if we detect major changes in your app, you may need to complete the Upgrade the app section below to deploy the changes.
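A pre-deploy review check for permission changes, as an added example that is not part of Forge or its CLI: it compares the `content` and `external` entries of the deployed and the proposed permissions and lists what was added, with a reviewer note for each. It assumes the manifest is already parsed into an object; the function names, the note texts and the sample manifests are constructed for illustration.

```javascript
// Added example: a review helper, not part of Forge or the Forge CLI.
// It takes the `permissions` object of an already-parsed manifest.yml.

// Flatten nested sections into "path=value" strings, e.g. "external.images=*.giphy.com".
function flatten(node, path = []) {
  if (Array.isArray(node)) {
    return node.map((v) => `${path.join('.')}=${typeof v === 'string' ? v : JSON.stringify(v)}`);
  }
  if (node && typeof node === 'object') {
    return Object.entries(node).flatMap(([key, child]) => flatten(child, [...path, key]));
  }
  return [];
}

// Only the two sections this page covers: CSP (content) and egress (external).
function egressAndCsp(permissions = {}) {
  const { content = {}, external = {} } = permissions;
  return flatten({ content, external });
}

// Reviewer note for one entry. These heuristics are assumptions made for this
// example; they are not the linter's validation rules.
function note(entry) {
  const idx = entry.indexOf('=');
  const [path, value] = [entry.slice(0, idx), entry.slice(idx + 1)];
  if (path.startsWith('content.') && value.startsWith('unsafe-')) return 'relaxes the default CSP';
  if (path.startsWith('external.') && value.includes('?')) return 'has a query string, as in the linter error shown above';
  if (path.startsWith('external.') && value.includes('*')) return 'wildcard host';
  return 'new entry';
}

// Compare the deployed permissions with the proposed ones.
function reviewChange(deployed, proposed) {
  const before = new Set(egressAndCsp(deployed));
  const after = new Set(egressAndCsp(proposed));
  return {
    added: [...after].filter((e) => !before.has(e)).map((e) => ({ entry: e, note: note(e) })),
    removed: [...before].filter((e) => !after.has(e)),
  };
}

// Constructed sample manifests, built from the snippets on this page.
const deployed = { external: { images: ['*.giphy.com'] } };
const proposed = {
  content: { styles: ['unsafe-inline'] },
  external: { images: ['*.giphy.com'], fetch: { client: ['https://example.com?test=key'] } },
};
console.log(reviewChange(deployed, proposed));
```

Any non-empty `added` list is a change to what the app may load or send data to, so it is the part of a manifest diff worth reading before deploying.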
A major version upgrade of your app may be needed for any of the following:
Changes to the app’s permissions won’t take effect until the app is upgraded. If you’ve previously deployed your app and a major change is detected, you’ll need to redeploy your app.
To upgrade your app:
Start the upgrade by running:
```
forge install --upgrade
```
You’ll see output that’s similar to the following example:
```
┌───────────────┬──────────────────────────────┬────────────┬─────────────┐
│ Environment   │ Site                         │ Product    │ Scopes      │
├───────────────┼──────────────────────────────┼────────────┼─────────────┤
│ ❯ development │ example-dev.atlassian.net    │ Jira       │ Latest      │
│   development │ example-dev.atlassian.net    │ Confluence │ Latest      │
│   production  │ example.atlassian.net        │ Confluence │ Out-of-date │
└───────────────┴──────────────────────────────┴────────────┴─────────────┘
```
Select the installation to upgrade by using the arrow keys, and then press the enter key to upgrade the version of the app installed.
Make sure to repeat these steps for each installation listed for the site that you're upgrading. After completing these steps, your app will now run with the implemented updates.