Problem

In November 2024, Atlassian Security implemented a change related to database content integration between different instances, including production and sandbox environments.

As a result, embedding a database from sandbox into production is no longer allowed, and users encounter a "connection refused" error due to the Content Security Policy (CSP) directive.

  This behavior is not applicable to whiteboards due to existing exceptions for embedded Confluence and Confluence embedding restrictions.

On developer tools, a message similar to the following appears:

Refused to frame 'https://<instance-name>.atlassian.net/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".

Since production and sandbox environments have different domains, they are treated as different sites. Despite this, exceptions exist for certain content types, and similar exceptions are requested for Confluence database content types.

Suggested Solution

Implement a security exception or modification to the CSP directive that allows Confluence database content types to be embedded from sandbox environments into production, similar to existing exceptions for other content types (whiteboards).

Why This Is Important

This enhancement is crucial for efficient testing and integration processes, allowing teams to utilize sandbox data seamlessly in production environments without CSP-related blocks.

Workaround

Currently, there is no known workaround for this behavior. A workaround will be added here when available.