Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Why is confluence "cross site scripting"?

NCarmichael
NCarmichael September 26, 2024

We occasionally get performance issue in confluence cloud, despite being in a big European city with fibre internet connections.

 

Whilst experiencing it this morning I opened the browser dev console and could see the content taking time to load (over 10 seconds each despite just being small pieces of javascript) was outside of our normal *.atalasian.net domain (following redirects from *.atlassian.net addresses) to servers such as cc-fe-bifrost.prod-east.frontend.public.atl-paas.net (which in turn is a cname of a cdn server belonging to cloudfront and hosted by amazon in the same city as us)

So my questions are

  • Given cross-site scripting is frowned upon now, why is confluence doing it (or at least using cnames to disguise the fact) 
  •  why might there be poor performance downloading tiny little pieces of javascript (excluding lazy-loading used so socket activity)?

PoorConfluencePerformance.png

Answer
Watch
Like Be the first to like this
275 views

1 answer

0 votes
vikram
vikram
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 26, 2024

Hi @NCarmichael 

If you have paid subscription, its better raise a support ticket from below url so that Atlassian Team can check quickly and do the needful to get quick fix.

https://support.atlassian.com/

Vikram P

View More Comments
NCarmichael
NCarmichael September 27, 2024

Hi @vikram 

I thought as it affected us all it might be better in a public forum, my company for example (like many others) are going through the process of really "nailing down" our systems to be able to comply with US (soc 2) and European security standards and it is possible in that process we'll "break" our Jira instance if, for example we implemented a browser policy that prevented CSS

 

Also, I am sure I am not the first to notice this so thought I'd draw on everyone's previous experiences.

 

Neil

Like vikram likes this
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.