Jira App Licensing and Safari Browser Restrictions

PrerakDiwan · July 14, 2020, 5:51am

Hi, Our team has a licensed app available on Jira Cloud platform.

We have followed similar steps to enable licensing given below and everything is working.

https://developer.atlassian.com/platform/marketplace/cloud-app-licensing/

As per the article from the above link :

Handling requests with the license status

Each incoming request from the Atlassian product site includes a query parameter named lic .

And we validate the each client’s license based of this parameter in each request we serve.

Now what Safari in their latest updates have enforced is to restrict “Cross Site Tracking” by default. Due to this, the licensing parameters that were part of each request in Referrer is blocked and we no longer are receiving this “lic” param in request. So our customers can’t access the app through Safari. When we enable the “Cross Site Tracking”, the app works fine and we receive “lic” every time.

Is there an alternate way of handling licensing from Jira Cloud apart from calling an API every time for each HTTP request?

We use both lic parameter and JWT tokens to intercept our each request coming from Jira.

Thank you for your time and help.

Prerak

danielwester · July 14, 2020, 6:35am

I would take a look at how you’re handling the jwt and lic query strings. The initial request to your app (the one that is iframed and generates all of the html) should be where you do the license check. Any resources coming off that - should not (or rather - you shouldn’t be relying on the referring being sent on).

It’s not just Safari that will block referrer headers but also enterprise level firewalls.

PrerakDiwan · July 14, 2020, 7:28am

Thank you for your reply, we are currently using Jira’s library to create requests to our servers. The iframes and request referrers are prepared by Jira’s library itself.

It would be nice if you can link a reference document here to which our team can refer and work it out.

Thank you