Hello,
we are developing a Confluence Forge with custom UI. In our macro we would like to display images that are attached to the Confluence page the macro is on.
In the past this worked without a problem. We get the image via the Get Attachments API and use the downloadLink in the response to display the image.
Now we encounter the following problem: When using the macro in Chrome everything works, in a Chrome private window or Firefox window or private Firefox window it breaks.
I assume this is due to the cookies send with the GET request to download the images. In Chrome a cookie is send with the request and in all other cases this cookie is not send.
This results in the following cases:
With Cookie: The GET request to developer-site.atlassian.net/wiki/download/attachments/... gets redirected to https://api.media.atlassian.com/file/... which returns the image
Without Cookie: The GET request to developer-site.atlassian.net/wiki/download/attachments/... gets redirected to /wiki/login.action?os_destination=%2Fdownload%2Fattachments% which results in multiple redirects trying to log is. In the end this fails.
Do you know what changed that this is no longer working and is there a way we can make this work? Or is there an other endpoint where we can get the attached images from?
The reason why the cookies are missing is the “Enhanced Tracking Protection” feature in Firefox, which blocks cross-site cookies by default. Google is going to ship the same feature in a few months, so this error will occur in Chrome as well if it’s not fixed soon.
Thanks for the answer. I was not aware that Firefox shipped this. Disabling “Enhanced Tracking Protection” makes it work again in Firefox. I will investigate further and see whether I open a issue with Atlassian.
