How to dynamically set frames in Forge manifest?

AyashaSikilkar · August 13, 2025, 6:32am

Earlier in Forge, we could open any external website in an iframe by setting:
external:
frames:
- “*”
Now, the * wildcard no longer works, and we have to manually list each domain.

for example:
external:
frames:
- www.google.com
In my use case, the external link changes dynamically based on user actions, so I can’t always know the domain in advance.

Is there any way to dynamically set or update the frames in manifest.yml without hardcoding each link?

SeanBourke · August 13, 2025, 7:50am

Hey @AyashaSikilkar,

I’m unable to find reference to changes which would have impacted this in the changelog - I’d recommend raising a developer support ticket to have this investigated by the owning team.

Looking forward, we are working on delivering Customer Managed Egress which would support the ability for customers to define which frames can be added, rather than having to declare *.

LoganElliott · August 19, 2025, 10:50pm

Hey @AyashaSikilkar

if you do

external:
  frames: ['*']

does this work for you?

AyashaSikilkar · August 20, 2025, 5:10am

Hey @LoganElliott,

The solution you suggested is working, but while deploying, I can see 2 warnings:

Warning: Global URL usage detected for ‘external. frames’ permission in the manifest.yml file. We recommend using a more specific URL. valid-permissions-required.
warning: There are deprecated egress permission entries for ‘frames’ in the manifest.yml file, valid-permissions-required

LoganElliott · August 21, 2025, 3:24am

Hi @AyashaSikilkar

Warning 1 is expected because you are using a wildcard egress is not recommended.

Warning 2 is because the now recommended way to write egress is like so:

permissions:
   external:
      fetch:
         client:
            - address: '*.example-dev.com'
              category: analytics
              inScopeEUD: false

doing

permissions:
  external:
     fetch:
       client:
         - address: '*'

also works

see https://developer.atlassian.com/platform/forge/manifest-reference/permissions/#egress-permissions for details

AyashaSikilkar · August 21, 2025, 5:50am

Hi @Logan Elliott,

Thank you for the clarification.

nathanwaters · August 21, 2025, 7:26am

I assume this structural change in how egress permissions are declared will result in a major version update, requiring a manual app update?

And the problem with that is ~90% of admins do not manually update apps. And the problem with that is you quickly end up with Forge apps where ~99% of installs are running outdated/broken app versions.

Meanwhile Atlassian just randomly makes these frivolous changes every few weeks with no regard to this versioning death spiral.