Hello, after moving my module to forge in atlassian confluence, Intercom usage had a problem, links inside don’t work (only using open new tab) so this is mainly because of the forge security layer.. As I think that popups and opening links but with forge router, in case like that how to solve that problem, and allow links to open in iframes : THE ERROR: Blocked opening ‘``https://google.com/``’ in a new window because the request was made in a sandboxed frame without the ‘allow-popups’ permission. Btw i added the link to manifest external fetch client
Yep - setting client egress to * is intentionally “broad” because it enables allow-popups / allow-popups-to-escape-sandbox, i.e. letting an embedded iframe escape the sandbox to open a new tab/window. After that, Atlassian can’t enforce what happens in the popup, so this is why it’s opt-in and currently only supported via client: '*' (CHANGE-2794).
If you want a safer workaround, don’t let the embedded iframe open windows directly. Instead, trigger navigation from your Forge Custom UI (parent) using @forge/bridge router:
import { router } from "@forge/bridge";
await router.open("https://Intercom.com"); // opens in new tab/window (with user prompt for external URLs)
or
import { router } from "@forge/bridge";
await router.navigate("https://Intercom.com"); // opens in the same tab (with user prompt for external URLs)
If Intercom is truly a 3rd-party embedded iframe, you usually can’t intercept link clicks inside it (cross-origin restrictions). In that case, the practical options are:
• enable popups from frames via client: ‘*’, or
• avoid embedding and provide a “Open Intercom” button/link in your parent UI that uses router.open(…)