After installing or updating the app, you can configure the app settings in the Configuration screen.

To navigate to the screen:

Log in as an administrator and select Cog menu () > Manage apps.
Select Markdown under the BOB SWIFT CONFIGURATION section in the sidebar.

Migrating app from server to cloud?

From version 3.6.0, migrating from server to cloud now transfers the app global configurations as well as the app data automatically. Refer to the Migration guide for more detailed information about the migration process.

Configuration screen

The app configuration options are categorized under the following tabs:

Global Configuration

Parameter	Default	Description
Restrict URL access	Off	Available since version 3.3. This parameter restricts access to remote locations through the URL to markdown file parameter of the Markdown from a URL macro. The specified URLs in the macro editors must conform to the Confluence Allowlist; provided, the allowlist is enabled. Confluence allows the administrator to turn on the allowlist to restrict incoming and outgoing connections to only those connections that are configured in the Allowlist settings. If enabled, the URL to markdown file parameter of the Markdown from a URL macro is also restricted to the URLs that are configured in the Allowlist settings for Confluence only.
Allow JavaScript	On	Available since version 3.4. This option controls Javascript usage in the Markdown for Confluence app. Enable this option to allow execution of Javascript within the macros. You can also control JavaScript usage on pages that use the Markdown for Confluence app. To restrict the usage of JavaScript in the Markdown macros from the Macro Security for Confluence Configuration page: Enable the markdown.allowJavaScript macro for markdown macro. Enable the markdown-url.allowJavaScript macro for markdown-url macro. Enable the markdown-attachment.allowJavaScript macro for markdown-attachment macro. To enable these macros, refer to Macro Security Configuration. To know the security vulnerabilities prevented by this feature, refer to the List of security vulnerabilities prevented.
Show JavaScript warning	Off	Available since 3.8. Enable this option to control the display of a warning if usage of JavaScript in the macros is restricted. This option is enabled only if Allow JavaScript is disabled. If the Allow JavaScript parameter is disabled and users then add JavaScript content in macros, a warning is displayed. Use this parameter to hide this warning message.
Blacklist domains	Off	Available since version 3.5. This option controls whether or not certain domains are blacklisted. By default, this option is disabled for backward compatibility. If enabled, and if a request from any of these sites is received, an error message is displayed. However, if users still need to access a blacklisted site, they must contact their administrator to disable this option. Click the link named listed (in the description beneath the option) to view a pre-defined list of the most commonly blacklisted domains in a pop-up window. The following sites are blacklisted, by default: 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 192.0.0.0/24 198.18.0.0/15 255.255.255.255/32 0.0.0.0/32 192.0.2.0/24 192.88.99.0/24 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4
Help Us Improve the Product	Off	This parameter is available with version 3.4. Enable this option to report usage data that helps us improve the app continually. The app does not send any private user data or personally identifiable information.

Profiles

Profiles are a set of basic parameters required to access Markdown content from a remote location and render the content on Confluence pages.

Use profiles to:

Allow user authentication as required by some URLs to be hidden from page viewers and editors. Only Confluence administrators have access to this information.
Enable macro editors to quickly configure the macro by reusing a shared definition for URL access.
Make lesser changes to page contents when base URLs are relocated as relative addressing is used in profiles.
Macro configured URL (that is not a full URL) is appended to the profile provided URL. This absolute URL then points to the actual location of the content to be rendered.

The base URL of the remote location to be accessed must be given in profiles, and the raw URL must be entered in the URL to markdown file parameter of the Markdown from a URL macro editor.
A raw URL is defined as the part of the URL following the domain information and includes the query string, if present. For example, in the URL string http://www.contoso.com/articles/recent.aspx, the raw URL is /articles/recent.aspx.

The page displays a list of profiles available for the macros. You can perform the following actions on this page:

Click to edit the profile details.
Click to remove the profile.

To create a new profile, click Add Profile to open a pop-up window as:

Parameter	Description
Profile name	Enter a name for the profile. Profile names given here are populated in the Profile field in the macro editor. This name must be unique; else, the details specified overwrites the details of the existing profile. This may cause errors in pages where the profile is used.
Profile type	Specify whether this is a URL, GitLab, or GitHub address. The default option for this parameter is URL.
URL	Enter the URL of the remote location to be accessed. It is recommended to provide the base URL here. A raw URL must be provided in the URL to markdown file parameter of the Markdown from a URL macro editor.
User; Password	Enter the username and password, if required, to access the specified URL. Specify either the User and Password parameters or the Access token, as an access token is also a means of user authentication. It is recommended to use either of the user authentication methods but not both.
Always use credentials given here?	Enable this to ensure that these credentials are are always used instead of user's credentials that may be available if an Application Link is defined for this URL. Note: This is available from release 3.8.1.
Access token	Enter an access token or an API token for the application or service to be connected with. If this parameter is specified, ensure that the User and Password parameters are left empty. It is recommended to use either of the user authentication methods but not both. Each application has its own method of generating tokens. Access tokens or API tokens are a means of user authentication; so, if mentioned, this token is used for authentication instead of using user credentials. Tokens are generated for a user after the application or service to be connected verifies the user's credentials. Enter the generated token here for a seamless connection between the app's macros and the application or service. Here are some of the links associated with GitLab and GitHub applications to generate a personal access token: GitLab: Use this article to generate an access token from https://gitlab.com/profile/personal_access_tokens. GitHub: Use this article to generate an access token from https://github.com/settings/tokens.
URL parameters	Mention any extra parameters (for the query string) that must be appended to the specified URL here.
Request headers	Displays the request headers created as per the given information. Request headers are name or value pairs that are added to the request. For example, GitHub requires the following request headers be specified: Authorization: token $accessToken, Accept:application/vnd.github.v3.raw This field is automatically populated with a comma-separated list of name or value pairs using the provided information. If required, enter additional name or value pairs separated with commas.

Click Save profile to create the profile.