A critical issue has emerged that is crashing our app (Scroll Documents) for some of our customers.
I have a page with the ID
123. I can access it through
If this page is restricted so that only I can view it, I can still access it using the browser through both URLs. However, using
AP.request, I can only access it using
/rest/api/content/123, but not through
I have narrowed down the problem to a HTTP header that
AP.request is adding:
Ap-Client-Key: k15t-scroll-document-versions-for-confluence. When this header is present, access through
AP.request('/rest/api/search') does not work. When it is not present, it works.
I have also narrowed down and found out that the problem only exists for pages that the app user does not have access to. If I add the app user specifically to the page restrictions of a restricted page, it works again. The problem also exists for unrestricted pages in spaces whose permissions are not allowing the app user.
So far we have not been using the app user at all, so we have been telling our customers that they do not need to give it access. From a security perspective, this new behaviour also doesn’t make any sense, since it is possible to access the content, just not through the search API.
From the reports of our customers, it seems that this behaviour started a couple of days ago. It seems that it started before the broken new search API went live.