How do I get rid of "Connect your account te preview links" for Github?

Hello Andras,

Thank you for following-up on this case.

I created the request below to track this feature:

• CONFCLOUD-67922 Ability to dismiss or disable Smart Card behavior for links

I'm linking it with the internal case, so please add your feedback to that ticket. 

There's not a way at the time to cancel the nagging, but you can use the following workaround to just insert as a normal link:

When inserting the link, be sure to use http:// instead of https://. The Smart Card feature will not be activated, and upon visiting the URL, it will automatically redirect to https:// for these services.

Alternatively, you can press Ctrl + Z (Windows) or Cmd + Z (macOS) (to revert the link to a normal blue link).

I hope that helps, but let me know if you have any trouble.

Shannon

In english:

press Ctrl + Z (Windows) or Cmd + Z (macOS) to revert the link to a normal blue link... after pasting any link into an atlassian box...

You can fix a link that has been wrapped by atlassian by copy pasting it using copy link address.

Per https://www.atlassian.com/trust/roadmap?tab=compliance

For what purpose are you requesting users connect external accounts be linked, where can I read about how you will only use this information to "preview links"?

Are you aware that this "feature" is violating the concept of least privilege and encourage users to disclose information unnecessarily, that might harm them or you?

https://www.sec.gov/Archives/edgar/data/1650372/000104746915008972/a2226703zf-1a.htm

"If our security measures are breached or unauthorized access to customer data is otherwise obtained, our products may be perceived as insecure, we may lose existing customers or fail to attract new customers, and we may incur significant liabilities."


When I paste a google docs link into atlassian, your UI lies, and tells me that "You don't have access to that link"... you then build an OAuth link around my link to my document, that when clicked, discloses to google that i'm using atlassian, and grants atlassian read only access to my google doc... if I will just click accept...

What you mean to say is "Atlassian can't read your trade secrets or IP behind that link we just noticed you pasted in a chat box... would you like to allow Atlassian to have read-only access to file metadata and file content?"

This is the scope of the OAuth Request:

Want to learn more about OAuth Scopes actually mean?  

https://developers.google.com/drive/api/v2/about-auth

Think about what happens when that google doc contains trade secrets or IP... think about what happens when atlassian is breached and all those access token with read only access are used to steal all atlassian customer's google docs, who didn't realize what they were doing when they harmlessly "Connected an account to preview links".

Developers are invited to review the graphql events logged associated with "smartLink renderSuccess" which includes gems like:

nonPrivacySafeAttributes: {linkDomain: ["docs.google.com"]}

https://bitbucket.org/atlassian/atlaskit-mk-2/commits/6e446f687a9f513ff76cafbfa8b0131e7481cb74

(link to the file doesn't work... but here is the same commit https://github.com/pavithracjs/atlassian-ui-library/commit/6e446f687a9f513ff76cafbfa8b0131e7481cb74)....

does this mean this information is privacy safe? or not?

This feature is a lawsuit waiting to happen... Please disable it by default, and never prompt users to grant access to external resources, without properly communicating the risks and liabilities associated with the action your software is proposing. 

If it were possible to disable this behavior I would have just disabled it, instead of posting this detailed explanation of how the "feature" actually works.

Can we get an ETA on when this will be possible to disable ?

If you wish to disable the smart link feature altogether from the comments in Jira you can modify the renderer from Wiki Style Renderer to Text Renderer.

https://confluence.atlassian.com/adminjiracloud/specifying-field-behavior-776636443.html

Also dropping the bug ticket for this here:

https://jira.atlassian.com/browse/JRACLOUD-72988

Thanks to @Belto for providing the workaround for Jira Cloud!

@J. Pablo Fernández @dmitriy @mitchell balsam, 

This workaround is for Jira only. For anyone who tries this, just be aware that it will disable wiki-style rendering on the field completely.

I just discovered a workaround alternative for both Confluence and Jira. Insert the link with http:// instead of https://. This will break the Smart Card linking feature. For the services I tested, it redirects the user to https:// in the end. 

I've created the following feature requests for the ability to disable this message, or to disable the Smart Card behavior for specific links:

• CONFCLOUD-67922 Ability to dismiss or disable Smart Card behavior for links (Confluence Cloud)
• JRACLOUD-72990 Ability to dismiss or disable Smart Card behavior for links (Jira Cloud)

Please vote on the request that pertains to your product if this is something you wish to see in the future.

Thank you all for your help on this!

Regards,

Shannon

@Beltowe would like to keep `wiki style renderer` because it highlights links to issues

we just do not use github and we are not going to connect github accounts in our jira project. but we do work extensively with open source packages / issues and that's why a lot of our jira tickets contain lots of github links.

is that possible to set up the wiki style renderer itself and disable github integration?

thanks!

I can totally understand. Instead of disabling the wiki markup, you can try the workarounds mentioned on JRACLOUD-72429 / CONFCLOUD-67922

Hello Michael,

This particular issue was resolved about a week after @J. Pablo Fernández reported it to me. I can confirm it's fixed for both Jira and Confluence and I no longer get the message when adding my Github link to a page in Confluence or an issue in Jira.

It's very odd that you are encountering it today. Could you please raise a ticket with our Cloud Support Team? We can have a look at your error logs and try to determine why you might still be seeing this message.

Thank you for your help!

Regards,

Shannon

Are you adding the link as "http://" or "https://"?  Because they behave differently.

Michael, 

Thank you for bringing that to my attention. You're right; it appears that it was only resolved for users when they enter github.com/username or http://github.com/username and NOT https://github.com/username.

I'm bringing this to the attention of the editor team right away and I will let you know what I find out.

Thank you again!

Regards,

Shannon

i'm requesting that you remove this feature or, at a minimum, allow the message to be suppressed link-by-link.

i am not going to connect my github account, so it's a constant nag.

but even i were to connect my account i wouldn't want this preview in many cases. there are times when i am entering a list of urls with some comments; previews only interfere with the message i am trying to convey.

please advise how this can be addressed.

thanks

I, too, would like it removed.   Or at least a setting that is turned off initially.  (i.e. an advanced user can turn it on in their "settings"). Daily I'm pasting a link and then having to edit it to change "https" to "http".  

I know Atlassian wants to create professional software.   This feature just doesn't seem professional in its current form.

@Bruce MacNaughton and @Michael Dockter,

Thank you for the follow-up on this thread. Apologies for neglecting to get back to you before the holiday.

I am getting back in touch with the content experience team to see if they have any more information yet on this. I hope to hear something back next week.

Regards,

Shannon

Hello everyone,

As an update, we're going to start looking into this again now that the holidays are over. It will be an ongoing discussion and I will keep you all updated as I learn more information.

Thank you all!

Regards,

Shannon

Awesome @Shannon S 

I also want to be able to disable this feature. I will never give Atlassian access to all our GitHub repos with access to "code". Why the hell do you create a GitHub app that needs this big scope? You should probably allow the user to specify what Atlassian is allowed to read from GitHub and what not. Giving access to the code so that a "smart link" feature is enabled that can show some "preview" is really crazy.

Hello Andreas, 

Thank you so much for your excellent feedback! I understand that currently the integration is asking for read access is to present links more meaningfully (this is what makes them "Smart"). However, this isn't ideal for everyone.

I've given this feedback to our development team, and we will look into this further. I'm waiting to hear back this week so I can get some examples of threads that we can follow for more details on this, as well as the original issue, in case the bug I showed you earlier isn't the best place to do that.

I'll keep you updated!

Regards,

Shannon

The accesses it is requesting is insane. Does Atlassian want to take the responsibility of securing all of this?

Atlassian Cloud by atlassian
wants to access your elvarb account

Gists
Read and write access

Personal user data
Profile information (read-only)

Repositories
Public and private

The easiest way we found to resolve this and a number of other questionable features is...to not use any Atlassian products.  For us, it was the 'full access for everyone by default' we couldn't get over.

Hello Mitchell,

This issue is occurring when a link to a Github account is pasted into Confluence without adding it manually as a text link. 

It is still an open bug without a resolution at this time, but the workaround is to create a text link instead. You can do this using the steps I let @J. Pablo Fernández  know about earlier.

Let me know if you have any trouble with this and I'll be happy to help!

Regards,

Shannon

Thank you Shannon.

How do I connect my user?

You're welcome!

When you click the link, it does take you to Github where you can connect your user, but it seems that Confluence isn't recognizing that. This is the bug. So for the time being, there's not a way to link it on Confluence so that this error message will go away. In the meantime, you'll need to link it as a text link instead. 

1. Write some text on the page.
2. Select the text.
3. Type CMD+K (Mac) or CTRL+K (Windows)
4. Paste the Github link.

That will at least allow you to link to Github without the error.

Let me know if you have any questions.

Regards,

Shannon