Problem

When embedding databases from different domains as smart links in a Jira description, users encounter Content Security Policy (CSP) errors that prevent the database from displaying properly.

Environment

• Jira Cloud
• Confluence Cloud
• Instances on different domains

Steps to Reproduce

1. Go to a Jira issue description field.
2. Add a smart link to a database from a different Confluence instance.
3. Observe the loading behavior and check the browser's developer tools console.

Expected Results

The database from a different instance should embed and display correctly in the Jira description as a smart link without any CSP errors.

Actual Results

The embedded database fails to load with the following error message:

<instance-name>.atlassian.net refused to connect.

In the developer tools, a CSP error message appears:

[Report Only] Refused to frame 'https://<instance-name>.atlassian.net/' because it violates the following Content Security Policy directive: "frame-src 'self' *.atlassian-stg-fedm.net *.atlassian-us-gov-mod.net".

Workaround

Currently, the only workaround is to avoid using embed smart links for databases from different domains, and using inline options, as there is no viable solution to bypass the CSP restrictions.

Notes

This issue does not occur with certain content types such as pages and whiteboards, suggesting that there may be a bug or regression specific to Confluence database content types.

Users seek similar exceptions for these content types to allow cross-domain embedding without CSP violations.