XSRF-Problems when using new requestConfluence() method from @forge/bridge

Hi,

First of all, we love that customUI apps can now use requestConfluence()/requestJira() directly. While trying out the new calls, we did however run into the following problem:

When making a POST request to /wiki/rest/api/content/123456/label we get an HTTP 403 response with an error message that simply says: “XSRF check failed”.
Here’s the code we use:

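    import { requestConfluence } from '@forge/bridge';

    // Request body: JSON array of labels to add to the content item
    const options = {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: `[
        {
          "prefix": "global",
          "name": "some_label"
        }
      ]`
    };
    const url = `/wiki/rest/api/content/${contentId}/label`;
    // This is the call that comes back with HTTP 403 "XSRF check failed"
    const response = await requestConfluence(url, options);
    // response.text() returns a Promise, so it has to be awaited before logging
    console.log(await response.text());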

I believe that we do have the correct scopes, with this:

    permissions:
      scopes:
        - "write:confluence-content"
        - "read:confluence-content.summary"
        - "read:confluence-user"

And we can make other requests with no issues; this one for example yields the expected result (the current user):

    const url = `/wiki/rest/api/user/current`;
    const response = await requestConfluence(url);
    console.log(await response.text());

So, is there anything we are doing wrong, or are there any other permissions we need to set?

Any help would be greatly appreciated.

Thanks,
Oliver
