Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,551,905
Community Members
 
Community Events
184
Community Groups

CORS Issue in Marketplace after Upgrading to Confluence Data Center 7.4.14

Edited
William Yeack
William Yeack Dec 17, 2021

After upgrading my Confluence Data Center instance to 7.4.14, I am getting CORS errors on the "Manage apps" screen when expanding some of the plugins on my instance.  You can see the issue here:

https://www.screencast.com/t/fXA565cj

As you can see, it looks like a request is getting blocked from the following URL:

https://marketplace.atlassian.com/rest/2/addons/com.adaptavist.confluence.contentFormattingMacros/pricing/server/live?countryCode=FI

I have already tried adding a whitelist for the marketplace.atlassian.com domain, which you can see here:

Img1.jpg

I have also added the following the following modification to the web.xml file (as suggested here):

<!-- MBZ: Added CORS Headers -->
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>;
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>https://www.atlassian.com,https://marketplace.atlassian.com,https://support.member.buzz,https://www.member.buzz,https://resources.member.buzz,https://files.member.buzz</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,PUT,DELETE</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>1800</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

 

Answer
Watch
Like Be the first to like this
229 views

1 answer

2 votes
Sundar Radhakrishnan
Sundar Radhakrishnan Dec 17, 2021 • edited

@William Yeack Try unchecking the setting "Connect to the Atlassian Marketplace" on the Manage Apps page. 

 

Screen Shot 2021-12-17 at 1.58.09 PM.png

View More Comments
William Yeack
William Yeack Dec 17, 2021

Hi @Sundar Radhakrishnan - so I went back to check and the problem seems to have been resolved.  I am guessing that the Atlassian wasn't giving the right headers on their side and then they fixed things?

Like
Sundar Radhakrishnan
Sundar Radhakrishnan Dec 17, 2021 • edited

@William Yeack Looks like that. When I was facing the same issue this morning EST, saw errors on the browsers' console related to CORS when our local Jira app was calling marketplace API to fetch the plugin's info.So, they could have added XSS related headers in the response and set it to block. Or they would've enabled CORS at their backend (API or at the firewall side) and removed it.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
SERVER
VERSION
7.4.14
TAGS
AUG Leaders

Atlassian Community Events

See all events