-
Bug
-
Resolution: Fixed
-
Medium
-
23
-
Severity 3 - Minor
-
Issue Summary
When using apps (add-ons) developed with Forge, the apps making asApp() requests may not work as expected if the user has IP Allowlisting enabled. The list of allowed IP addresses are listed in https://support.atlassian.com/organization-administration/docs/ip-addresses-and-domains-for-atlassian-cloud-products/#Outgoing-Connections and the announcement was documented in
- https://developer.atlassian.com/changelog/#CHANGE-1168
18.236.52.165/32 34.215.254.205/32 35.160.6.102/32 52.43.192.52/32 52.89.100.78/32 54.190.195.254/32 54.214.155.219/32 54.218.196.28/32
ImportantIf you plan to use these IP address ranges, it’s important that you monitor Atlassian’s documentation for changes to this range. A JSON file containing this information is published to https://ip-ranges.atlassian.com/, which may aid automation.
Steps to Reproduce
- Create/ install an app built with Forge;
- Try to use the app on a site where IPAllowlisting is enabled;
Any asApp() requests will be blocked by IP Allowlisting.
Expected Results
The app should work without problems.
Actual Results
App using asApp() requests, throw an error and the app doesn't work at all.
Workaround
You can get the full list of IP addresses via
curl --silent https://ip-ranges.atlassian.com | jq --raw-output '[.items[] | select(.product[] | . == "forge") | .cidr][]'