Uploaded image for project: 'Atlassian Ecosystem'
  1. Atlassian Ecosystem
  2. ECO-88

https://api.media.atlassian.com should to be added to the Forge Custom UI CSP

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      When using the REST API to retrieve a Jira issue, if the issue has attachments the REST API response includes them in `content` and `thumbnail` attributes in the form:

      • https://<instance>.atlassian.net/rest/api/3/attachment/content/<id>
      • https://<instance>.atlassian.net/rest/api/3/attachment/thumbnail/<id>

      If you a Forge Custom UI application attempts to load these images then it will fail a permission check.

      In order to load the image it is necessary to update the Forge application manifest to include:

      permissions:
        external:
          images: 
             - "https://api.media.atlassian.com/*"

      Given that the api.media.atlassian.com is an Atlassian domain it should be possible to include this in the CSP by default to avoid the need to set this permission.

          Form Name

            [ECO-88] https://api.media.atlassian.com should to be added to the Forge Custom UI CSP

            No work has yet been logged on this issue.

              Unassigned Unassigned
              ddraper@atlassian.com Dave
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: