Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

CORS Issue in Marketplace after Upgrading to Confluence Data Center 7.4.14

William Yeack
William Yeack
Contributor
December 17, 2021

After upgrading my Confluence Data Center instance to 7.4.14, I am getting CORS errors on the "Manage apps" screen when expanding some of the plugins on my instance.  You can see the issue here:

https://www.screencast.com/t/fXA565cj

As you can see, it looks like a request is getting blocked from the following URL:

https://marketplace.atlassian.com/rest/2/addons/com.adaptavist.confluence.contentFormattingMacros/pricing/server/live?countryCode=FI

I have already tried adding a whitelist for the marketplace.atlassian.com domain, which you can see here:

Img1.jpg

I have also added the following the following modification to the web.xml file (as suggested here):

<!-- MBZ: Added CORS Headers -->
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>;
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>https://www.atlassian.com,https://marketplace.atlassian.com,https://support.member.buzz,https://www.member.buzz,https://resources.member.buzz,https://files.member.buzz</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,PUT,DELETE</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>1800</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

 

Answer
Watch
Like Be the first to like this
601 views

1 answer

2 votes
Sundar Radhakrishnan
Sundar Radhakrishnan
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 17, 2021

@William Yeack Try unchecking the setting "Connect to the Atlassian Marketplace" on the Manage Apps page. 

 

Screen Shot 2021-12-17 at 1.58.09 PM.png

View More Comments
William Yeack
William Yeack
Contributor
December 17, 2021

Hi @Sundar Radhakrishnan - so I went back to check and the problem seems to have been resolved.  I am guessing that the Atlassian wasn't giving the right headers on their side and then they fixed things?

Like
Sundar Radhakrishnan
Sundar Radhakrishnan
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 17, 2021

@William Yeack Looks like that. When I was facing the same issue this morning EST, saw errors on the browsers' console related to CORS when our local Jira app was calling marketplace API to fetch the plugin's info.So, they could have added XSS related headers in the response and set it to block. Or they would've enabled CORS at their backend (API or at the firewall side) and removed it.

Like
Charlie Misonne
Charlie Misonne
Community Champion
February 24, 2025

For anyone encountering this issue: it is most likely related to a client issue or your networking blocking requests to the Marketplace.

I'm running this today on a Jira v9.12.15 instance. The issue only occurs in Chrome, not in Firefox.

After some troubleshooting I found out that the "company managed" chrome app "privacy badger" was causing this. Adding an exception for our Jira site solved this issue.

image.png

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
SERVER
VERSION
7.4.14
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.