Content-Security-Policy on Cloud

Hugo Ingelmo April 27, 2020

Recently a client was asking us to implement Content-Security-Policy and/or X-Frame-Options in our addon.

After some discussion we still don't have a clear idea on the matter. Does it make sense to implement CSP in Confluence Cloud apps? 

Our guess is that our frames won't work out of context unless you have a valid signed JWT. So we should be safe there.

Does Atlassian have any suggestion or answer on this matter?

 

Regards,

Hugo

 

2 answers

0 votes
JimmyVanAU
Rising Star
April 27, 2020

May also be worth posting the question here https://community.developer.atlassian.com/ :)

0 votes
Jack [AppFox]
Atlassian Partner
April 27, 2020

You should definitely configure the Content Security Policy (CSP) for your Apps in the Cloud.

CSP reduces the attack vector of all kinds of vulnerabilities, e.g.

  • Preventing inline scripts from running
  • Restricting the domains that images, scripts, styles can come from

Sometimes, just by answering these questions, you can find things that are out of place.
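As an added example (not code from this thread or from Atlassian), this is one way an app server could emit a policy covering the two points in the answer above plus the framing concern from the question. The function names and the `hostBaseUrl`, `scriptOrigins` and `imageOrigins` parameters are hypothetical, and any origins passed in are the caller's own.

```javascript
// Added example, not code from the thread. Names and parameters are hypothetical.
const { randomBytes } = require("node:crypto");

// Reduce a URL to its https origin so a crafted value cannot smuggle extra
// directives (";", spaces) into the header.
function toOrigin(value) {
  const url = new URL(value); // throws on malformed input
  if (url.protocol !== "https:") throw new Error(`non-https source: ${value}`);
  return url.origin;
}

// Build the policy for one response of an app page shown inside the host product's iframe.
// Assumption: hostBaseUrl comes from data the app stored for the tenant named in the
// verified JWT, never from an unverified query parameter.
function buildCsp({ hostBaseUrl, scriptOrigins = [], imageOrigins = [] }) {
  const nonce = randomBytes(16).toString("base64"); // fresh per response
  const directives = [
    ["default-src", "'self'"],
    // No 'unsafe-inline': inline scripts run only if they carry this nonce.
    ["script-src", "'self'", `'nonce-${nonce}'`, ...scriptOrigins.map(toOrigin)],
    ["style-src", "'self'"],
    ["img-src", "'self'", ...imageOrigins.map(toOrigin)],
    ["object-src", "'none'"],
    ["base-uri", "'none'"],
    // Framing: X-Frame-Options DENY or SAMEORIGIN would also block the host
    // product, so the embedding site is allowed by name here instead.
    ["frame-ancestors", toOrigin(hostBaseUrl)],
  ];
  return { nonce, header: directives.map((d) => d.join(" ")).join("; ") };
}

// Attach the policy to a Node http.ServerResponse (or anything with setHeader)
// and return the nonce for the template to put on its <script> tags.
function applyCsp(res, options) {
  const { nonce, header } = buildCsp(options);
  res.setHeader("Content-Security-Policy", header);
  return nonce;
}
```

Running the policy under `Content-Security-Policy-Report-Only` first shows which resources it would block before it is enforced.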

Deployment type: Cloud
Product plan: Standard
Permissions level: Product Admin