Forge bridge 2.2.0 '@forge/bridge'; request Confluence forbidden 403

Hey Atlassians,

After updating the “@forge/bridge” dependency from 1.5.0 to 2.2.0, I cannot use {requestConfluence} from “@forge/bridge” anymore to create a space by using the following endpoint from the Custom UI frontend:

import { requestConfluence } from '@forge/bridge';

// Called directly from the Custom UI frontend
return requestConfluence(`/wiki/rest/api/space`, {
	method:  'POST',
	headers: {
		'Accept':       'application/json',
		'Content-Type': 'application/json'
	},
	body:    JSON.stringify(formattedRequest)
});

On the response I always get back a 403 Forbidden.

If I perform the same operation by introducing a resolver in the backend and passing the exact same payload like this:

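import Resolver from '@forge/resolver';
import api, { route } from '@forge/api';

const resolver = new Resolver();

// Backend resolver: the same request, made as the current user
resolver.define('createSpace', async ({payload, context}) => {
	return api.asUser().requestConfluence(route`/wiki/rest/api/space`, {
		method:  'POST',
		headers: {
			'Accept':       'application/json',
			'Content-Type': 'application/json'
		},
		body:    JSON.stringify(payload.formattedRequest)
	});
});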

it works.

I added all the Confluence scopes available to the manifest just to make sure this is not a problem of scopes.

Is this a bug or can you help me?

Thanks in advance,

Martin

Hi @MartinKistnerDecadis,

Thanks for raising this problem. Unfortunately, this is a bug and will require a fix that is far from trivial as it requires updating the way that our REST APIs do XSRF checks.

The workaround you have suggested is the currently recommended workaround. I’ll look into adding this information to the docs for the Custom UI bridge, and will raise this with my team to see if we can find a long-term solution here.

You can also keep track of this issue at [FRGE-327] - Ecosystem Jira.
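
With the resolver workaround above, whatever the Custom UI frontend sends in `payload` is forwarded to Confluence as the current user, so the resolver is the place to check it. The following is an added example, not code from the thread or from Atlassian; `buildCreateSpaceRequest`, the allow-list and the key and name limits are assumptions to adapt to your app.

```javascript
// Added example. Allow-list and limits below are assumptions, not Atlassian's rules.
const ALLOWED_FIELDS = ['key', 'name'];     // extend with the fields your app really sends
const SPACE_KEY = /^[A-Za-z0-9]{1,255}$/;   // assumed space-key format
const MAX_NAME_LENGTH = 200;                // assumed upper bound

// Turn the untrusted resolver payload into the options object that is
// passed to api.asUser().requestConfluence(). Throws on anything unexpected.
function buildCreateSpaceRequest(payload) {
  const input = payload && payload.formattedRequest;
  if (input === null || typeof input !== 'object' || Array.isArray(input)) {
    throw new TypeError('formattedRequest must be an object');
  }
  const unknown = Object.keys(input).filter((k) => !ALLOWED_FIELDS.includes(k));
  if (unknown.length > 0) {
    throw new Error('unexpected fields: ' + unknown.join(', '));
  }
  if (typeof input.key !== 'string' || !SPACE_KEY.test(input.key)) {
    throw new Error('invalid space key');
  }
  if (typeof input.name !== 'string' || input.name.trim() === '' ||
      input.name.length > MAX_NAME_LENGTH) {
    throw new Error('invalid space name');
  }
  // Rebuild the body from validated fields only; never forward the raw object.
  return {
    method: 'POST',
    headers: { 'Accept': 'application/json', 'Content-Type': 'application/json' },
    body: JSON.stringify({ key: input.key, name: input.name })
  };
}

// Wiring in the resolver from the thread:
//   resolver.define('createSpace', async ({ payload }) =>
//     api.asUser().requestConfluence(route`/wiki/rest/api/space`,
//                                    buildCreateSpaceRequest(payload)));
// Frontend call that replaces the direct requestConfluence():
//   import { invoke } from '@forge/bridge';
//   invoke('createSpace', { formattedRequest });
```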