Issue Summary

Icons for custom issue type not loading in a 3rd party gadget in a dashboard, when 3rd party cookies are disabled in the user's browser. 

The API endpoint for custom issue type avatar:https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-avatars/#api-rest-api-2-universal-avatar-view-type-type-avatar-id-get is an authenticated URL and when the 3rd party cookies are disabled, there's no session cookies for authentication, which is causing the issue. 

This can be as simple as adding an <img /> tag to the Connect iframe page

<img src="https://mycompany.atlassian.net/rest/api/3/universal_avatar/view/type/project/avatar/10763" /> 

Steps to Reproduce

1. Install the Connect app Rich Filters for Jira Dashboards
2. Add the "Rich Filter Results" gadget to a dashboard.
3. Add a custom Issue type avatar for one of the issue types in your Jira instance.
4. Add this issue type to your project, and create issues of this issue type. 
5. Configure a filter to fetch issues of this issue type. 
6. Configure the "Rich Filter Results" gadget in the dashboard and select the above newly created filter. 
7. Ensure that you have the Browse Project permission in the project where the issues are created.
8. Now disable 3rd party cookies in your browser. You can do this by viewing the page in Incognito mode or via the Settings.
9. Clear the cookies, cache & history of the browser.
10. Reload the dashboard. 

Expected Results

The dashboard should show the custom avatar of the issue type while displaying the "Rich Filter Results" gadget in the dashboard upon reload. 

Actual Results

The "Rich Filter Results" gadget in the dashboard upon reload shows broken custom avatar of the issue type. 

The request is rejected with a HTTP 403 as the tenant.session.token is missing in the request.

Workaround

The only workaround at this time is to proxy the request through the Connect service to make the call via the backend and the send the results to the front end.