I am using Custom UI to make my forge app and in frame fetching a url.
<iframe style={{margin:'0px',width:'100%',height:'600px'}} src={externalContentUrl}></iframe>
const externalContentUrl =
${baseUrl}/xxxx/xxxx/xxxx.xx.webchat?isJira=true&jiraDomain=${encodeURIComponent(‘https://xxxxxxxxxxwrkspacesks.atlassian.net’)}&issueId=${encodeURIComponent(‘AG-1’)}&cardWidth=${430};
The problem is what is returned is just the html not scripts and the css. It lloks something like this:
What am i doing wrong ??
This is my manifest.yml file…
modules:
jira:issueContext:
- key: agent-assist-five-hello-world-context
resource: main
resolver:
function: resolver
title: Agent Assist
label: Custom UI
function:
- key: resolver
handler: index.handler
resources:
- key: main
path: static/hello-world/build
permissions:
external:
frames:
- 'https://xxxx.xxxx.ai/api/hook/xxxx.xxxx.webchat'
styles:
- 'https://fonts.googleapis.com/*'
- 'https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css' # Font Awesome
images:
- 'https://i.ibb.co/*'
- 'https://xxxxx-xxxxx.s3.amazonaws.com/*'
scripts:
- 'https://xxxxxxx.xxxxx.ai/xxxxx/js/w.js'
- 'https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.1.2/socket.io.js' # Socket.io
fetch:
backend:
- 'https://xxxx.xxx.ai'
content:
styles:
- 'unsafe-inline'
app:
runtime:
name: nodejs20.x
id: ari:cloud:ecosystem::app/7a7a91f7-8ddd-4549-882a-e624613eaedf
These errors are in the console
Try with those permissions
permissions:
content:
scripts:
- 'unsafe-inline'
- 'unsafe-eval'
- 'unsafe-hashes'
styles:
- 'unsafe-inline'
My suggestion is to determine: “Is this issue related to permissions or not?”
To do this:
- Apply “ALLOW ALL” permissions (do not use this in production; only for analysis):
content:
scripts:
- unsafe-inline
- unsafe-hashes
- unsafe-eval
styles:
- unsafe-inline
external:
images:
- "*"
scripts:
- "*"
styles:
- "*"
fonts:
- "*"
frames:
- "*"
media:
- "*"
fetch:
backend:
- "*"
client:
- "*"
- Deploy to the development environment, install with upgrade, and allow new permissions.
- Test your app again. If it works fine, the issue is NOT related to permissions.
Did it, Still same
@AndreiPisklenov what might be the issue?
The endpoint i am calling to , dynamically generates html and js and css…
In your endpoint response for the iframe, you're dynamically generating HTML that includes inline styles and scripts:
javascript
Copy code
const html = `<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
...
<style>${clintStyle}</style>
</head>
<body>
...
<script type="text/javascript" defer>${clintScript}</script>
</body>
</html>`;
What might be the isssue?
Great! If you remembered to redeploy the app, install it with the update, restart the tunnel, and reset the browser cache, it’s most likely not a security issue.
Try investigating other areas to locate the real problem. For example, insert a different iframe to check if it’s an issue with that specific iframe or if the embedded content itself is causing the problem:
<iframe width="640" height="480" src="https://www.youtube.com/embed/dQw4w9WgXcQ?si=Jh77JtJ-IGQkLz5T" title="YouTube video player" frameBorder="0"></iframe>
figured out i weas serving that response from backend …but forgot to update nginx proxy settings for my route .
1 Like