[CONFSERVER-80056] CORS for Specific URLs filter Confluence 7.15+

Type: Suggestion
Resolution: Answered
Fix Version/s: None
Component/s: Security
Labels:
None

UIS:
30
Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Previously CORS was able to be configured for specific URLs using filters in the web.xml as noted in CONFSERVER-41269.

This is no longer possible after the web.xml cleanup that happened as part CONFSRVDEV-21301.

It would be good to add this functionality back to allow admins to configure CORS filters for specific URLs again.

is related to

CONFSERVER-41269 Improve documentation on configuring CORS in Confluence

Closed

mentioned in: Page Failed to load; Page Failed to load; Page Failed to load

Form Name

Michael Andreacchio added a comment - 24/Jan/2025 5:31 AM

Dear Customers,

Thank you for your patience on this request. We apologise for building out this change to web.xml and not in hand ensuring that our documentation was updated with a viable and easy to execute workaround.
We've updated both our documentation, and created a KB article explaining how to set up CORS configuration in Confluence for specific URLs, please see the following resources:

I hope these are able to guide you in fixing this issue from here on. Cheers.

Michael Andreacchio
Confluence DC Product Management

Michael Andreacchio added a comment - 24/Jan/2025 5:31 AM Dear Customers, Thank you for your patience on this request. We apologise for building out this change to web.xml and not in hand ensuring that our documentation was updated with a viable and easy to execute workaround. We've updated both our documentation, and created a KB article explaining how to set up CORS configuration in Confluence for specific URLs, please see the following resources: Configuring allowlists - Allow Incoming Configure CORS for specific urls I hope these are able to guide you in fixing this issue from here on. Cheers. Michael Andreacchio Confluence DC Product Management

Shubham Kumar added a comment - 14/Aug/2024 7:19 AM

Please implement this feature.

Shubham Kumar added a comment - 14/Aug/2024 7:19 AM Please implement this feature.

drabik added a comment - 27/Mar/2024 3:27 PM

We ended up implementing the API call in the back end, where CORS does not apply.

drabik added a comment - 27/Mar/2024 3:27 PM We ended up implementing the API call in the back end, where CORS does not apply.

Maximilian Walz added a comment - 27/Mar/2024 2:37 PM

The allowlist in the UI does not work

Maximilian Walz added a comment - 27/Mar/2024 2:37 PM The allowlist in the UI does not work

lvms added a comment - 22/Jan/2024 10:20 AM

Please add this feature back. This is a regression.

lvms added a comment - 22/Jan/2024 10:20 AM Please add this feature back. This is a regression.

Martin Poirier added a comment - 12/Dec/2023 6:12 PM

Why is this a suggestion ? this is regression bug, someone did a clean up of the web.xml and forgot this feature.
This is really impacting for the upgrade.

Martin Poirier added a comment - 12/Dec/2023 6:12 PM Why is this a suggestion ? this is regression bug, someone did a clean up of the web.xml and forgot this feature. This is really impacting for the upgrade.

Josué Garcia added a comment - 27/Nov/2023 7:46 PM - edited

@Roy Lu I wouldn't bother, the fastest solution is to just migrate to Conflunce Cloud.

Josué Garcia added a comment - 27/Nov/2023 7:46 PM - edited @Roy Lu I wouldn't bother, the fastest solution is to just migrate to Conflunce Cloud.

Roy Lu added a comment - 15/Nov/2023 3:32 AM

We upgraded our instance today not knowing the CORS feature is completely dropped and now our integrations are broken. It causes a huge headache. Can you please fix it asap? Your Allowlist feature in the UI is never working and now you completely drop the CORS filter workaround in the web.xml file, the last version that supports this is 7.15, which is already a sunset version. It is not acceptable! Please come up with at least a workaround!

Roy Lu added a comment - 15/Nov/2023 3:32 AM We upgraded our instance today not knowing the CORS feature is completely dropped and now our integrations are broken. It causes a huge headache. Can you please fix it asap? Your Allowlist feature in the UI is never working and now you completely drop the CORS filter workaround in the web.xml file, the last version that supports this is 7.15, which is already a sunset version. It is not acceptable! Please come up with at least a workaround!

Richard J. Rasor added a comment - 23/Oct/2023 2:13 PM

Please implement this feature.

Richard J. Rasor added a comment - 23/Oct/2023 2:13 PM Please implement this feature.

Razvan Solea added a comment - 08/Mar/2023 1:31 PM - edited

Please implement this feature. Since we migrated our older Confluence to version 7.19 this blocks currently the page views tracking on our confluence instance for the internet facing URL. Also there is a functionality to export the public view as PDF which is also blocked because of this.

[Later Edit] @Roy Lu: Migrating to Cloud is not an option based on the Corporate policies. While easy, it's not always possible.

Razvan Solea added a comment - 08/Mar/2023 1:31 PM - edited Please implement this feature. Since we migrated our older Confluence to version 7.19 this blocks currently the page views tracking on our confluence instance for the internet facing URL. Also there is a functionality to export the public view as PDF which is also blocked because of this. [Later Edit] @Roy Lu: Migrating to Cloud is not an option based on the Corporate policies. While easy, it's not always possible.

Assignee:: Unassigned

Reporter:: Cole Aronson

Votes:: 97 Vote for this issue

Watchers:: 69 Start watching this issue

Created:: 28/Sep/2022 8:55 PM

Updated:: 27/Jan/2025 5:46 PM

Resolved:: 24/Jan/2025 5:31 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Michael Andreacchio added a comment - 24/Jan/2025 5:31 AM

Expand comment: Michael Andreacchio added a comment - 24/Jan/2025 5:31 AM

Collapse comment: Shubham Kumar added a comment - 14/Aug/2024 7:19 AM

Expand comment: Shubham Kumar added a comment - 14/Aug/2024 7:19 AM

Collapse comment: drabik added a comment - 27/Mar/2024 3:27 PM

Expand comment: drabik added a comment - 27/Mar/2024 3:27 PM

Collapse comment: Maximilian Walz added a comment - 27/Mar/2024 2:37 PM

Expand comment: Maximilian Walz added a comment - 27/Mar/2024 2:37 PM

Collapse comment: lvms added a comment - 22/Jan/2024 10:20 AM

Expand comment: lvms added a comment - 22/Jan/2024 10:20 AM

Collapse comment: Martin Poirier added a comment - 12/Dec/2023 6:12 PM

Expand comment: Martin Poirier added a comment - 12/Dec/2023 6:12 PM

Collapse comment: Josué Garcia added a comment - 27/Nov/2023 7:46 PM, Edited by Josué Garcia - 27/Nov/2023 7:47 PM

Expand comment: Josué Garcia added a comment - 27/Nov/2023 7:46 PM, Edited by Josué Garcia - 27/Nov/2023 7:47 PM

Collapse comment: Roy Lu added a comment - 15/Nov/2023 3:32 AM

Expand comment: Roy Lu added a comment - 15/Nov/2023 3:32 AM

Collapse comment: Richard J. Rasor added a comment - 23/Oct/2023 2:13 PM

Expand comment: Richard J. Rasor added a comment - 23/Oct/2023 2:13 PM

Collapse comment: Razvan Solea added a comment - 08/Mar/2023 1:31 PM, Edited by Razvan Solea - 28/Nov/2023 11:10 AM

Expand comment: Razvan Solea added a comment - 08/Mar/2023 1:31 PM, Edited by Razvan Solea - 28/Nov/2023 11:10 AM

People

Dates