(Apologies if this has been asked & answered before…I searched but couldn’t find anything)
Is it possible for Forge app developers to specify a custom domain (CNAME) for their app’s iframe?
e.g.
NAME TYPE VALUE
-------------------------------------------------------------
myapp.example.com. CNAME [app_uuid].cdn.prod.atlassian.net.
Why?
One of our Connect apps (a dynamic content macro for Confluence) fetches content from a user-supplied URL (specified as a macro parameter).
The fetch is performed by our app’s Javascript executing in the remote iframe (from the end user’s browser), and is therefore subject to CORS, which means that the response must include an Access-Control-Allow-Origin header.
Recall that this URL is hosted on a server that we don’t control, so our documentation includes instructions on what CORS headers the remote server must return.
For publicly accessible URLs, wildcards are allowed, e.g.
Access-Control-Allow-Origin: *
However, for credentialed requests, the CORS specification dictates that an explicit origin must be specified. Our Connect app’s remote iframe is served from Heroku, so our documentation for credentialed URLs currently specifies to return the header:
Access-Control-Allow-Origin: https://[our_app].herokuapp.com
When we migrate to Custom UI/Forge this will be a breaking change, as the Forge iframe will be served from a different origin, so our customers will need to update their configurations:
-Access-Control-Allow-Origin: https://[our_app].herokuapp.com
+Access-Control-Allow-Origin: https://[app_uuid].cdn.prod.atlassian.net
Ideally, we would like to get out ahead of this change now by setting up a custom domain for our Connect app, and get our customers to start switching over to this new domain ASAP.
The hope would be that we can reuse this same domain for our Forge app, so that the transition from Connect to Forge is a seamless as possible when the time comes.
(Also, asking our customers to configure a Forge URL that starts with a 36 character UUID is less than desirable; and we’re not sure if this UUID is stable and will never change?).
Is support for custom domains something that Forge currently has or will in the future?