Atlassian Ecosystem / ECO-88

https://api.media.atlassian.com should be added to the Forge Custom UI CSP

      When using the REST API to retrieve a Jira issue, if the issue has attachments the REST API response includes them in `content` and `thumbnail` attributes in the form:

      • https://<instance>.atlassian.net/rest/api/3/attachment/content/<id>
      • https://<instance>.atlassian.net/rest/api/3/attachment/thumbnail/<id>

      If a Forge Custom UI application attempts to load these images, it will fail a permission check.

      In order to load the image it is necessary to update the Forge application manifest to include:

      permissions:
        external:
          images:
            - "https://api.media.atlassian.com/*"

      Given that api.media.atlassian.com is an Atlassian domain, it should be possible to include it in the CSP by default, avoiding the need to set this permission.

              ddraper@atlassian.com Dave