Sandboxed iframe allowlist missing option

According to the documentation (Change notice: Sandboxing of Connect App iframes), the sandboxed iframe should include “allow-top-navigation-by-user-activation” in the allow list.
I have created a Custom UI macro for Confluence, but the generated sandboxed iframe does not include the “allow-top-navigation-by-user-activation” option. The list includes only these:

“allow-downloads allow-forms allow-modals allow-pointer-lock allow-same-origin allow-scripts”

Is there a way to configure this?

Thanks!

Hi @magnus,

The documentation you have linked only applies to Connect-based apps. As you are using Custom UI with Forge, the list of sandbox restrictions is different, see: https://developer.atlassian.com/platform/forge/custom-ui/iframe/#sandbox-restrictions

At the moment, it’s not possible to configure those.

However, If your intent is only to navigate the host window, you should be able to achieve that with Custom UI router API.

See the docs for reference: https://developer.atlassian.com/platform/forge/custom-ui-bridge/router/

1 Like