"An unexpected error occurred." message when attempting to install connect plugin in Confluence configured with custom domain

Hello,

The upm displays this error when trying to install our app in a Confluence instance configured with custom domain name:

Based on the network trace from the browser it seems that at some point the server is redirecting the client from the custom domain url to the atlassian.net based url:

Column 1 Column 2
Request URL: https://[custom domain name].com/wiki/rest/plugins/1.0/pending/21eb-10d8-40-6-6037?_=1710908071604
Request Method: GET
Status Code: 303 See Other
Location: https://[atlassian domain name].atlassian.net/wiki/rest/plugins/1.0/

However, the browser does not attempt the redirect because of the CORS policies:
Access to XMLHttpRequest at ‘https://[atlassian domain name].atlassian.net/wiki/rest/plugins/1.0/…-key’ (redirected from ‘https://[custom domain name]/wiki/rest/plugins/1.0/pending/21b-10d8-60-8a26-6637?_=1710908071604’) from origin ‘https://[custom domain name]’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Could you please tell me if there is anything we need to check in the Confluence configuration or if there is any work-around for this issue?

Thank you,
Bogdan

FYI, I installed multiple apps on a Confluence with custom domain without any issue yesterday, and almost every feature of my apps were working fine.

I am strongly thinking after this message that Atlassian forget to enable all feature flags on some/most domain, resulting on different bugs.

1 Like

Hey @mabo,

As @SilvreLestang has suggested, this relates to the enablement of feature flags for apps enabled for this EAP. We’re looking into this and will provide an update once things should be working for you.

@SilvreLestang you noted that almost every feature is working fine; I’d be keen to understand if there is anything which isn’t working due to the enablement of custom domains.

Cheers,
Sean

1 Like

@SeanBourke we encounter 2 small issues:

  1. the custom domain needed to be added to the CSP header otherwise users’ avatar are not show in user picker
  2. a URL that we generate in Jira to access a Confluence page on the same instance is using the non-custom domain as baseUrl. We need to find where this value is coming from and adapt our code.

Hey @SilvreLestang,

Thanks for sharing this feedback.

Are you using an Atlassian component to load this content? Is it not accessible through the existing *.atlassian.net/wiki domain?

A Confluence app would not have awareness of a Jira app having a custom domain; we only send context for product which the app is installed. With that said, custom domains should support redirection from the existing baseUrl to the custom domain - for example, you can see this when setting up a custom domain for JSM today.

We are using our own component to render this user picker (this is very old code migrated from server). It does a request to https://***.atlassian.net/wiki/rest/api/search?cql=user.fullname~%22s%22&_r=1711447678964 to list the user matching a string.

The endpoint returns users like:

{
    "results": [
        {
            "user": {
                "type": "known",
                "accountId": "557058:cbc04d7b-be84-46eb-90e4-e567aa5332c6",
                "accountType": "app",
                "publicName": "Confluence Analytics (System)",
                "profilePicture": {
                    "path": "/wiki/aa-avatar/557058:cbc04d7b-be84-46eb-90e4-e567aa5332c6",
                    "width": 48,
                    "height": 48,
                    "isDefault": false
                },
                "displayName": "Confluence Analytics (System)",
                "isExternalCollaborator": false,
                "_expandable": {
                    "operations": "",
                    "personalSpace": ""
                },
                "_links": {
                    "self": "https://***.atlassian.net/wiki/rest/api/user?accountId=557058:cbc04d7b-be84-46eb-90e4-e567aa5332c6"
                }
            },
            "title": "Confluence Analytics (System)",
            "excerpt": "",
            "url": "/people/557058:cbc04d7b-be84-46eb-90e4-e567aa5332c6",
            "breadcrumbs": [],
            "entityType": "user",
            "iconCssClass": "aui-icon content-type-profile",
            "lastModified": "2024-03-26T10:07:59.324Z",
            "score": 0.0
        },
      ...
   ]
}

We use the profilePicture.path, therefore fetching images from https://test.pauloalves.elements-apps.com/wiki/aa-avatar/{ID or UUID} which is blocked:

Refused to load the image 'https://test.pauloalves.elements-apps.com/wiki/aa-avatar/******' because it violates the following Content Security Policy directive: "img-src 'self' https://*.atlassian.net https://*.atl-paas.net https://*.gravatar.com https://*.wp.com https://*.atlassian.com data: https://*.amazonaws.com".