https://api.media.atlassian.com should to be added to the Forge Custom UI CSP

XMLWordPrintable

      When using the REST API to retrieve a Jira issue, if the issue has attachments the REST API response includes them in `content` and `thumbnail` attributes in the form:

      • https://<instance>.atlassian.net/rest/api/3/attachment/content/<id>
      • https://<instance>.atlassian.net/rest/api/3/attachment/thumbnail/<id>

      If you a Forge Custom UI application attempts to load these images then it will fail a permission check.

      In order to load the image it is necessary to update the Forge application manifest to include:

      permissions:
  external:
    images: 
       - "https://api.media.atlassian.com/*"

      Given that the api.media.atlassian.com is an Atlassian domain it should be possible to include this in the CSP by default to avoid the need to set this permission.

            Assignee:
            Unassigned
            Reporter:
            Dave
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: