I am running into an issue, and I’ll admit I am very new to forge development. I keep getting errors thrown on my page cannot connect to an external (although currently just Atlassian) api
Refused to connect to 'https://mydomain.atlassian.net/' because it violates the document's Content Security Policy.
I have done a lot of googling but havent quite gotten it to work. I have placed the exceptions in my manifest.yml file like so:
permissions:
external:
fetch:
backend:
- https://mydomain.atlassian.net/*
client:
- https://mydomain.atlassian.net/*
but continue to get the error when simply attempting to connect to the API (no refusal to connect, just the CSP error.
I feel like connecting to the Atlassian API is something that is allowed (please correct me if I am wrong), but is connecting to an external one allowed as well?
Any help would be greatly appreciated in getting this novice off the ground
Welcome to the Atlassian developer community @JordanBerry,
Atlassian domains are a special case. We don’t consider them “external” even if they are external from your App’s installed site. Can you try something else, like a request to http://httpbin.org/? Or is there a specific reason you were trying to call another Atlassian site?
Hey Ian, thank you for your response!
When trying, I got this from the front end:
Refused to connect to 'http://httpbin.org/' because it violates the document's Content Security Policy.
And this from my console
Invalid 'external.fetch.client' permission in the manifest.yml file - 'http://httpbin.org/*'. Learn more about permissions at: https://go.atlassian.com/forge-permissions.
manifest looks like this:
permissions:
external:
fetch:
backend:
- 'http://httpbin.org/*'
client:
- 'http://httpbin.org/*'
Right now, I would like to be able to reach out to the host Jira site, as well as admin.atlassian.com to get the org information and display it on screen. How would I connect to the host Atlassian site/Admin site?
@JordanBerry,
I’m sorry; I gave you wrong directions by one letter. As stated in the valid domain formats documentation:
An https or wss URL, such as https://www.example-dev.com.
So https://httpbin.org should work (https not just http). Or just httpbin.org (the 2nd rule says it can be just a valid domain name).
For other Atlassian sites or domains, there aren’t any documented solutions. The Forge fetch is also trying to abstract over authentication so I’m not sure how you could inject proper authentication, even if the egress permissions did not block your client.
Perhaps Atlassian Connect is a better fit for your needs? While it doesn’t have any specific features to help your use case, it also doesn’t prevent you from making any HTTP requests your app needs.