Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

JSD Widget SRI integrity, crossorigin CORS error

Rose McCluskey
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
March 15, 2023

Hello,

Our application security team has flagged the JSD widget as an issue. The complaint is about sub-resource integrity for the embed.js script from Atlassian. The recommendation is to add integrity and cross-origin properties to the <script> tag.

For example, changing this:

        <script data-jsd-embedded
                data-key="12345"
                data-base-url="https://jsd-widget.atlassian.com"
                src="https://jsd-widget.atlassian.com/assets/embed.js"></script>
 
To this:
 
        <script data-jsd-embedded
                data-key="12345"
                data-base-url="https://jsd-widget.atlassian.com"
                src="https://jsd-widget.atlassian.com/assets/embed.js"
                integrity="sha384-abcde12345/zyxwv+09876"
                crossorigin="anonymous"></script>

However, this change results in the following errors: "Access to script at 'https://jsd-widget.atlassian.com/assets/embed.js' from origin 'http://myco.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."

and "GET https://jsd-widget.atlassian.com/assets/embed.js net::ERR_FAILED 200"

Has anyone else encountered this issue and found a solution, outside of removing the widget?

Can Atlassian please include the 'Access-Control-Allow-Origin' header?

1 answer

0 votes
Surya Mohan Reddy Kamini
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 7, 2024

I am having same issue. any update on this ? We are working on security certification and this the only blocker

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events