I’m looking to migrate a server version of my app to Confluence Cloud. The main roadblock is that Confluence Cloud seems to block all external content even if it is iframed (which my app relies on, there is no way to circumvent this).
So, my question is: Is there any way do define a Content-Security-Policy: frame-src header for Confluence Cloud? If not, are there plans to implement this as a adminstrator-configurable setting at some point?
And finally, if this is not possible or planned. How are you suppose to include external content in Confluence Cloud?!?
Hi @JonasFrantz,
I assume you are talking about forge (Custom UI) iframes here? Because Connect apps / iframes can define their own CSP and you should not be experiencing any issue like this there. But even though the CSP restrictions currently make things more complicated in forge you should still be able to integrate with external services via using the fetch api in your forge functions.
Hope this clears some things up for you!
Cheers,
Sven
3 Likes