Configuration - Cloud

Removal notice:

Please note that the URL user and URL user password parameters were removed (see Deprecation notice: URL user and URL user password parameters). We recommend using profiles to access external data.

After migrating or installing HTML for Confluence, navigate to the Global Configuration screen:

  1. Log in as a System Administrator with global permission.

  2. Navigate to  > Settings > Atlassian Marketplace on the sidebar.

  3. Click HTML Configuration to manage the app configuration.

The configuration settings are categorized into the following tabs:

Global Configuration

Use the toggle to enable or disable the Global Configuration settings.

Image shows the Global Configuration tab of the app's cloud configuration page.
HTML Configuration > Global Configuration

Parameter

Description

Parameter

Description

Restrict URL access

This parameter controls whether or not the URL parameter on the HTML for Confluence macro must conform to the allowlisted URLs. Administrators can turn on the Allowlist to restrict access to URLs configured in the Allowlist settings. 

If enabled, the URL parameter in the app is restricted to only the URLs available in the Allowlist tab.

Enable strict allowlist

This option will apply the URL Allowlist to all content in the HTML content. Note that this feature disables any nested iframes and does not support allowlist entries with regular expressions.

The Allowlist is shared between Appfire and/or Bob Swift applications. 

Allow JavaScript

This option controls the usage of Javascript in the HTML macro. When enabled, the user can use Javascript in the HTML and vice versa.

Allowlist

Manage the URLs that the app can access from this page. If the Restrict URL access option is enabled, the app is restricted to allow the specified URLs only.

Image shows the Allowlist tab of the app's cloud configuration page.
HTML Configuration > Allowlist

Parameter

Description

Parameter

Description

Expression

Enter a URL or an expression here.

Type

Select a type from the following list:

  • Domain name - allows URLs of a specific domain. Example: https://www.example.com/

  • Exact match - allows only the specified URL. Example: https://www.example.com/thispage

  • Wildcard expression - allows all matching URLs. Use * as a wildcard character to replace one or more characters. Example: https://*example.com

  • Regular expression - allows all URLs matching the specified regular expression. Example: http(s)?://www\.example\.com 
    Refer to this Wikipedia article for more information about regular expressions or see the regular expressions tutorial.

You can perform the following actions on this page:

  • Add the URL after specifying the Expression and Type.

  • Update after modifying the details. Select the Expression to enable editing of the URL.

  • Delete to remove the URL.

  • Save after adding or modifying any URL in the list.

Profiles

Profiles consist of a common set of parameters that allow users to choose a profile in the macros. Some advantages of using profiles are:

  • Profiles allow user authentication required by some URLs to be hidden from page viewers and editors. Only Confluence administrators have access to this information.

  • Enables macro editors to quickly configure the macro by reusing a shared definition for URL access. 

  • Relative addressing can be used making the page content less likely to require changes when base URLs are relocated. 

    • Macro configured URL (that is not a full URL) is appended to the profile provided URL.

The page displays a list of profiles available for the macros. Click Add Profile to open a pop-up window as:

Parameter

Description

Parameter

Description

Profile name

Enter a name for the profile.

Profile type

Displays URL as selected, by default. 

URL

Enter the URL to be accessed.

User; Password

Enter the user name and password to access the specified URL.

Access token

Enter the access token to access the specified URL, if needed. Administrators must generate the access tokens from applications, if required, and enter that here.

URL parameters

Mention any extra parameters that must be appended to the URL here. 

Request headers

Displays the request header(s) created as per the given information.

You can perform the following actions on this page:

  • Click   to edit the profile details.

  • Click  to remove the profile.

  • Click Save profile to create the profile.

Macro security

Administrators can define how they want to restrict the usage of macros and macro parameters using macro security. These restrictions are applied through a combination of app configuration (macro security), macro parameters and page restrictions.

Click Add restriction to specify the trusted users, user groups and/or spaces that can access the HTML macro.

Provide the following parameters to grant access:

Parameter

Description

Parameter

Description

Restrict access

Macro

Specify the macro for which access is to be restricted. This field is mandatory. Currently, this feature is available only for the HTML macro.

Parameter name

Specify the parameter to be restricted. This field is mandatory. The parameters available with the HTML macro are:

  • Allow same origin

  • Allow script execution

For more information about the parameters, read the macro guide here.

Parameter value

This parameter is not applicable for the HTML macro.

Trusted access

Spaces

Enter the space key where the macro can safely be accessed. You can add multiple spaces here.

With this approach, no edit page restrictions are needed. Instead, the Confluence administrator and/or the space administrator must apply the appropriate space-level permissions. This ensures that only trusted users and groups can edit content in the specified space(s).

Users

Enter the users who can access the macro. You can add more user names to the trusted users list.

Administrators are recommended to add appropriate edit page restrictions to match the configuration given on this screen.

Groups

Enter the user group who can access the macro. You can add multiple user groups here. 

Administrators are recommended to add appropriate edit page restrictions to match the configuration given on this screen.

Read How macro security works to learn how macro security allows you, as an administrator, to implement relevant granular control over your content.

You can perform the following actions on this page:

  • Click to edit the details.

  • Click  to remove the restriction(s).

Additional references

 


Find answers from the community.

Ask a question to the community.

Log a request with our support team.

Confluence®, Jira®, Atlassian Bamboo®, Bitbucket®, Fisheye®, and Atlassian Crucible® are registered trademarks of Atlassian®
Copyright © 2005 - 2024 Appfire | All rights reserved. Appfire™, the 'Apps for makers™' slogan and Bob Swift Atlassian Apps™ are all trademarks of Appfire Technologies, LLC.

Unable to render {include} The included page could not be found.