Violating Content Security Policy when using Forge API

Dmitry Khotinskiy May 7, 2024

I'm developing a module for Jira using Atlassian Forge and when I try to pull user's data using @Forge/api, I get the following error on Jira Cloud:

Refused to connect to 'https://jira/rest/api/3/myself' because it violates the following Content Security Policy directive: "connect-src 'self' https://api.atlassian.com/metal/ingest".

Here's my code:

const accountInfoURL = route`/rest/api/3/myself`
const accountInfoRes = await api.asApp().requestJira(accountInfoURL, {
headers: {
'Accept': 'application/json'
}
})

2 answers

1 accepted

0 votes
Answer accepted
Dave Rosenlund _Trundl_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 7, 2024

Welcome to the Atlassian Community, @Dmitry Khotinskiy  đź‘‹

Check out this post on the Atlassian Developer Community. It may provide some insight.

And, you may want to consider joining that Atlassian developer-specific community, too.

Best,

-dave

Dmitry Khotinskiy May 8, 2024

Thank you @Dave Rosenlund _Trundl_, although that post didn't provide resolution to my issue, it led me to the answer. The code that I provided was in the frontend/index.jsx file which should be in resolver/index.js and accessed via @forge/bridge.

Also, thank for pointing me to Atlassian's developer-specific community!

Like • # people like this
Huong Thi An
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
September 28, 2024

Hi @Dmitry Khotinskiy ,

Can you tell me how to fix your issue?

0 votes
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 7, 2024

Hello @Dmitry Khotinskiy 

You are trying to get data about the currently logged in user, so you need to use the asUser() context method, not the as asApp() method:

await api.asUser().requestJira(route`/rest/api/3/myself`)
Dmitry Khotinskiy May 8, 2024

Thank you for your response @David Bakkers, but both asUser() and asApp() produce the same issue.

Like • David Bakkers likes this
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 8, 2024

No problems. As you've already worked out, you can't call internal APIs from the frontend via the bridge.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events