Hi, I’m creating a plugin for Jira cloud through Forge and I need to render an external iframe using a URL but I’m getting the error: Unrecognized Content-Security-Policy directive ‘navigate-to’.
I think I have the necessary permissions in the manifest.yml
permissions:
scopes:
- 'read:jira-user'
- 'read:jira-work'
external:
frames:
- 'https://tkbatchserver.com'
I’ve tried to render the { IFrame } tag from ‘@forge/ui’; but I get the error mentioned above
I have the same issue. It would be great if someone could shed some light on it.
I am also seeing this on a custom hosted forge ui app. In my scenario I am not trying to include an external frame. Just the main custom ui is not loading due to this in the console logs
Unrecognized Content-Security-Policy directive ‘navigate-to’
I do have the same issue, and I’m trying to understand why, however if I add the app manually via “…” menu I can see the app on the page.
@Atlassian-Staff any ideas?
I’m also getting this error from the template Jira Issue Action. I get this in the console log:
Unrecognized Content-Security-Policy directive ‘navigate-to’.
This shows it’s coming from this line in my index.html for my customUI app:
which was part of the template.Any ideas on this one?
Hi all,
The navigate-to directive was intended to be an additional security control, but it has been removed from the CSP spec and is currently not doing anything. We will look to remove this directive to avoid confusion when debugging. Aside from the message in the console log, it should not be interfering with any capabilities in your app. Issues with your external iframe or app not loading would be unrelated to this directive and we will need more details to help you debug what could be causing it.
To answer your original question @cristian , we do not have an Iframe component from the @forge/ui package. External frames are only possible in Custom UI and you can add it via the html iframe tag
<div><iframe src="https://tkbatchserver.com" /></div>