From 2025-08-07 12:00 UTC to 2025-08-08 11:00 UTC, users across EU, US, and AUS regions experienced login failures when accessing the Confluence Cloud integration. The login popup window opened and closed immediately, preventing successful authentication and causing Confluence macros to fail rendering content.
During this period, affected customers were unable to complete Confluence Cloud login flows, significantly impacting user experience.
The root cause was traced to a security fix that introduced this unexpected behavior.
Reverting the PR restored access to the modal, allowing inter-window communication and a successful login completion.
The security fix was essential but introduced unintended side effects by disabling access to window.opener. The existing login flow depended on this property to post messages between popup and parent windows.
The interaction between modern security best practices and existing application logic, particularly around iframe and popup window messaging, was not fully tested. Testing iframe behavior in local environments is inherently challenging, limiting early detection.