Security feature flag prevents relative URL paths from being included in the PDF export CSS stylesheet


    • Severity 3 - Minor

      Issue Summary

      A feature flag on Confluence's backend that hardens the product against SSRF does not allow relative paths in url() values of the PDF export stylesheet. With the flag enabled, a relative path such as /download/attachments/... carries no host name for the check to validate, so saving the stylesheet fails with an unhandled exception (HTTP 500) instead of a validation message.
      The feature flag in question is: pdf.export.settings.ssrf.check

      Steps to Reproduce

      1. If your Confluence Cloud site has the security feature flag enabled, open any space and navigate to Space Settings > Look and Feel > PDF Export
      2. Under the PDF stylesheet section, add this piece of CSS:
            @top-right {
                background-image: url(/download/attachments/12344/image.png?api=v2);
                background-repeat: no-repeat;
                height: auto;
                width: 10em;
            }
        
      3. Hit the Save button.

      Expected Results

      The settings are saved as usual

      Actual Results

      A 500 error is thrown with the following description:

      message: java.lang.IllegalArgumentException: Host name may not be null
      java.lang.RuntimeException: java.lang.IllegalArgumentException: Host name may not be null
      com.atlassian.confluence.extra.flyingpdf.config.ConfigurePdfExportAction.ssrfCheck(ConfigurePdfExportAction.java:162)
      com.atlassian.confluence.extra.flyingpdf.config.ConfigurePdfExportAction.doEdit(ConfigurePdfExportAction.java:252)
      java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      

      Workaround

      Update the url() value in the stylesheet to the absolute URL of the file (the site base URL followed by the same path), so that the SSRF check has a host name to validate:

          @top-right {
              background-image: url(https://SITENAME.atlassian.net/wiki/download/attachments/12344/image.png?api=v2);
              background-repeat: no-repeat;
              height: auto;
              width: 10em;
          }
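To make the failure mode and the workaround concrete, the following is an added Python model written for this page; it is not Confluence's code (the real pdf.export.settings.ssrf.check implementation is not public). It models what the stack trace suggests: each url() target is parsed for a host name, and a relative path has none, so the check throws "Host name may not be null" rather than deciding. It then shows a resolve-then-check variant that accepts the ticket's relative path by joining it to the site base URL before validating, while still rejecting foreign hosts, protocol-relative URLs and non-HTTP schemes. The site base URL, the host allow-list, and the assumption that root-relative paths live under the /wiki context path (as the workaround URL implies) are assumptions of the example.

```python
import re
from typing import List
from urllib.parse import urljoin, urlsplit

# Assumptions for this demonstration (not Confluence's real configuration):
# the site base URL including its context path, and the hosts a stylesheet
# may fetch from. Root-relative url() targets are treated as living under
# the context path, which is what the ticket's workaround URL implies.
SITE_BASE = "https://SITENAME.atlassian.net/wiki"
ALLOWED_HOSTS = {"sitename.atlassian.net"}

# The stylesheet from the ticket's reproduction steps.
TICKET_CSS = """
@top-right {
    background-image: url(/download/attachments/12344/image.png?api=v2);
    background-repeat: no-repeat;
    height: auto;
    width: 10em;
}
"""

# Matches url(target), url('target') and url("target").
URL_RE = re.compile(r"""url\(\s*['"]?([^'")]+)['"]?\s*\)""", re.IGNORECASE)


def extract_urls(css: str) -> List[str]:
    """Return every url(...) target in a stylesheet, in source order."""
    return [m.group(1).strip() for m in URL_RE.finditer(css)]


def strict_ssrf_check(css: str) -> None:
    """Model of the failing behaviour: parse each url() target on its own and
    insist on a host name. A relative path has none, so the check throws
    instead of deciding; this is the 'Host name may not be null' error."""
    for target in extract_urls(css):
        host = urlsplit(target).hostname
        if host is None:
            raise ValueError("Host name may not be null")
        if host not in ALLOWED_HOSTS:
            raise ValueError("host not allowed: " + host)


def resolve(target: str, base: str = SITE_BASE) -> str:
    """Turn a url() target into an absolute URL. Targets with a scheme and
    protocol-relative targets (//host/...) go through urljoin; anything else
    is placed under the site's context path."""
    if urlsplit(target).scheme or target.startswith("//"):
        return urljoin(base, target)
    base_parts = urlsplit(base)
    path = target if target.startswith("/") else "/" + target
    return f"{base_parts.scheme}://{base_parts.netloc}{base_parts.path.rstrip('/')}{path}"


def lenient_ssrf_check(css: str, base: str = SITE_BASE) -> List[str]:
    """Resolve each target first, then apply the scheme and host allow-list
    to the absolute form. Returns the resolved URLs when all of them pass."""
    resolved = []
    for target in extract_urls(css):
        absolute = resolve(target, base)
        parts = urlsplit(absolute)
        if parts.scheme not in ("http", "https"):
            raise ValueError("scheme not allowed: " + parts.scheme)
        if parts.hostname is None or parts.hostname not in ALLOWED_HOSTS:
            raise ValueError("host not allowed: " + str(parts.hostname))
        resolved.append(absolute)
    return resolved


def outcome(check, css: str) -> str:
    """Run a check and report 'ok' or the rejection message."""
    try:
        check(css)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    print("strict :", outcome(strict_ssrf_check, TICKET_CSS))
    print("lenient:", outcome(lenient_ssrf_check, TICKET_CSS))
    for url in lenient_ssrf_check(TICKET_CSS):
        print("resolved:", url)
```

Run against the ticket's stylesheet, the strict check reproduces the "Host name may not be null" rejection, while the lenient check resolves the relative path to https://SITENAME.atlassian.net/wiki/download/attachments/12344/image.png?api=v2, the same URL the workaround writes by hand, and accepts it. Both checks accept the workaround's absolute URL, and the lenient one still refuses //169.254.169.254/..., file:///... and any host outside the allow-list, which is the property the feature flag exists to enforce.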
      

            Assignee: Unassigned
            Reporter: Vinicius (Inactive)
            Votes: 0
            Watchers: 9