Customers are reporting repeated security warning pop-ups in Confluence when using the 3rd party app like Draw.io app, specifically when the app attempts to access external third-party websites.

As per Atlassian documentation, this behavior is expected when apps access domains that are not yet recognized or allowlisted by Atlassian Cloud. In this case, it appears that the app vendor may have recently introduced new external domains that are not currently known to Atlassian, resulting in frequent warnings for end users.

While the warnings are functioning as designed, customers are asking whether there is a way to mark specific external domains as trusted so that users do not see the same security pop-ups repeatedly within Confluence.

At present, there does not appear to be an admin-level option or configuration to allowlist or trust specific third-party domains on a per-app or per-site basis.