UI Kit components
Frame (EAP)
UI Kit hooks
Forge bridge APIs
Jira bridge APIs
Upgrade UI Kit versions
Previous versions

Custom UI iframe

All Custom UI apps are run within an iframe. This provides a secure and isolated hosting environment for custom-built user interfaces. This page describes the preset permissions of the iframe.

iframe permissions

The following permissions are applied to the iframe by default and cannot be modified by the developer of the Forge application.

Feature policies

A number of feature policies are specified for the Custom UI iframe. These policies define the features that are available to the iframe based on the origin of the request.

The following table lists the feature policies configured for the Custom UI iframe.

Sandbox restrictions

The iframe also has a set of sandbox attributes that enable extra restrictions for the content in the iframe.

The following table lists the sandbox attributes applied to the Custom UI iframe.

Sandbox attributeDescription
allow-downloadsAllows downloads to be started via a user gesture.
allow-formsAllows the resource to submit forms.
allow-modalsAllows the resource to open modal windows.
allow-pointer-lockAllows the resource to use the Pointer Lock API.
allow-same-originAllows the iframe content to be treated as being from the same origin as its parent.
allow-scriptsAllows the resource to run scripts, but not create pop-up windows.

Rate this page: