XSRF-Problems when using new requestConfluence() method from @forge/bridge

Hi,

First of all, we love that customUI apps can now use requestConfluence()/requestJira() directly. While trying out the new calls, we did however run into the following problem:

When making a POST request to /wiki/rest/api/content/123456/label we get an HTTP 403 response with an error message that simply says: “XSRF check failed”
Here’s the code we use:

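    import { requestConfluence } from '@forge/bridge';

    // Inside an async function of the Custom UI frontend
    const options = {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: `[
        {
          "prefix": "global",
          "name": "some_label"
        }
      ]`
    };
    const url = `/wiki/rest/api/content/${contentId}/label`;
    const response = await requestConfluence(url, options);
    // response.text() returns a Promise, so await it before logging
    console.log(await response.text());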

I believe that we do have the correct scopes, with this:

    permissions:
      scopes:
        - "write:confluence-content"
        - "read:confluence-content.summary"
        - "read:confluence-user"

And we can make other requests with no issues; this one for example yields the expected result (the current user):

    const url = `/wiki/rest/api/user/current`;
    const response = await requestConfluence(url);
    console.log(await response.text());

So, is there anything we are doing wrong or are there any other permissions we need to set?

Any help would be greatly appreciated.

Thanks,
Oliver

3 Likes

Hi @osiebenmarck

Please, where were you able to resolve this?

I am currently facing the same problem.

Regards,
Onuche

Hi @OnucheIdoko1,

Unfortunately, I was unable to resolve this issue. I did, however, poke around a bit more and ended up creating two bug reports:

Depending on how exactly the problem works in your case, you might be able to use one of the workarounds I’ve outlined in the two bugs.

Oh, and if you find any other option of resolving this, I’d really like to know :wink:

Best regards,
Oliver

Thanks. Will use the good old “invoke

1 Like

@OnucheIdoko1 hi. We will confirm the root cause and someone will reply in this thread tomorrow.

2 Likes

Thanks @Dmitrii

Hey @OnucheIdoko1! Just letting you know that we’re still looking into this issue.

3 Likes

Hi @OnucheIdoko1, just a quick update that we are still investigating the issue.

2 Likes

Thanks @JoanLiang

Hi @OnucheIdoko1,
POST requests don’t work with methods from “@forge/bridge” at this stage; the XSRF check is specifically implemented for security reasons. We are working on the solution. In the meantime, you can track the progress of this on the FRGE issue you created earlier: [FRGE-327] POST request fails with XSRF Error message when made with @forge/bridge requestConfluence() - Ecosystem Jira

3 Likes
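
The `invoke` route mentioned earlier in the thread, as an added example (not code from any poster or from Atlassian): the Custom UI frontend calls a backend resolver, and the resolver performs the POST through `@forge/api`. The names `makeAddLabelHandler` and `addLabel`, the file path and the label allow-list are assumptions; Forge's `api` and `route` are injected so the handler can run outside the Forge runtime.

```javascript
// Added example. In a real app the two dependencies come from Forge:
//   import Resolver from '@forge/resolver';
//   import api, { route } from '@forge/api';
// They are passed in here so the handler can be exercised without Forge.

// Assumption for this sketch: a conservative allow-list for label names.
const LABEL_RE = /^[a-z0-9_-]{1,255}$/;

function makeAddLabelHandler(api, route) {
  return async function addLabel({ payload }) {
    const { contentId, name } = payload ?? {};
    // The payload is sent by the browser, so validate it before it
    // reaches the URL or the request body.
    if (!/^\d+$/.test(String(contentId))) {
      return { ok: false, status: 400, error: 'contentId must be numeric' };
    }
    if (typeof name !== 'string' || !LABEL_RE.test(name)) {
      return { ok: false, status: 400, error: 'invalid label name' };
    }
    // Same endpoint and body as the failing bridge call, sent from the backend.
    const response = await api.asUser().requestConfluence(
      route`/wiki/rest/api/content/${contentId}/label`,
      {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify([{ prefix: 'global', name }]),
      }
    );
    return { ok: response.ok, status: response.status, body: await response.text() };
  };
}

// Backend wiring (src/index.js is a hypothetical path):
//   const resolver = new Resolver();
//   resolver.define('addLabel', makeAddLabelHandler(api, route));
//   export const handler = resolver.getDefinitions();
//
// Custom UI side:
//   import { invoke } from '@forge/bridge';
//   const result = await invoke('addLabel', { contentId, name: 'some_label' });
```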

Hi @JoanLiang,

Please, does this fix:

Because, I am still getting “XSRF check failed” - 403 response

1 Like