External fetch permissions

Ben3 · June 20, 2022, 12:21pm

Context to my project is that I am triggering a function based on confluence page events. I am using an async function called pageTrigger to determine if they are created or updated events:

function:
    - key: main
      handler: index.run
    - key: pageTriggerFunction
      handler: pageTrigger.pageTrigger
  trigger:
    - key: pageTriggerEvent
      function: pageTriggerFunction
      events:
        - avi:confluence:created:page
        - avi:confluence:updated:page

export async function pageTrigger(event, context)

I am then trying to post data to an external API using the Fetch API. Like so:

console.log('TriggerCreatedWebhook at bcp url ', fullURL)

    const result = await fetch(fullURL, {
        method: 'post',
        headers: {
            'Content-Type': 'application/json',
            'x-api-secret-key': apiKey,
        },
        body: JSON.stringify(payload)
    });
    const status = result.status;
    console.log('TriggerCreatedWebhook STATUS ', status)

I have added the permissions in the manifest file like below.
Using these permissions work as expected with forge tunnel:

permissions:
  external:
    fetch:
      backend:
        - "*"

Deploying and authorizing the forge app in development or staging mode after deployment the pageTrigger function is triggered (seen in forge logs in staging, dev and tunnel), but no POST request to the external API is triggered (not seen in proxy logs or API logs).

Even when I add a domain like:

permissions:
  external:
    fetch:
      backend:
        - "*"
        - "*.selfhosted.io"

This time authorizing the app mentions 1 external domain. But again, tunnelling works and the development and staging deployments the Fetch don’t reach the API.
Are there any other permissions I am required to add to the manifest file for the requests to reach an external destination?
Thanks for any help

HarshithRS · July 23, 2024, 10:58am

Hey did you find any fix for this?, facing the same issue

enterbios · November 29, 2024, 10:47am

Hi, bump. I’m fighting with very similar issue but in Jira Forge App. I’m trying to make a call to GitHub from a webtrigger function:

    const response = await fetch("https://github.com/login/oauth/access_token", {
        method: 'POST',
        headers: {
            'Accept': 'application/json',
        },
        body: JSON.stringify(accessTokenRequest)
    });

and always getting the URL not included in the external fetch backend permissions even though I do have it added to the manifest file:

permissions:
  scopes:
    - storage:app
    - read:jira-work
    - write:jira-work
  external:
    fetch:
      backend:
        - '*.github.com'
        - '*.github.com/*'

(I did deploy and reinstall and everything). Are external.fetch.backend permissions respected in the forge webtrigger functions?

BTW This question is two years old and still waiting for a reply - Atlassian not helping developers with such problems is not helping the platform addoption.

JoyBanerjee · December 31, 2024, 6:15pm

Any update on this issue ?
In my case also tunneling works however development deployment didn’t work .
One point I observe when I define external domain in manifest files , during deployment it is showing
App [x.0.0] in [development] is not eligible for Runs on Atlassian.
*App is using remote services

App is egressing data
I am wondering because of this is not eligible actual deployment didn’t work .

enterbios · January 10, 2025, 3:14pm

Just in case someone is having a similar problem. Specifying *.github.com did not work, but specifying https://github.com did. According to the documentation both should work but that was not the case for me.

JoyBanerjee · January 17, 2025, 12:23pm

It works for me when using the call with axios. Both dev deployment and tunneling works as expected.