-
Suggestion
-
Resolution: Unresolved
-
None
-
9
-
1
-
NOTE: This suggestion is for JIRA Service Desk Cloud. Using JIRA Service Desk Server? See the previously corresponding suggestion.
Summary
In Cloud, it's possible to retrieve attachments for a request via REST API albeit being experimental (requires HTTP header "X-ExperimentalApi":"opt-in"). Example:
- GET /rest/servicedeskapi/request/{issueIdOrKey}/attachment
- GET /rest/servicedeskapi/request/{issueIdOrKey}/comment/{commentId}/attachment
Reference: https://docs.atlassian.com/jira-servicedesk/REST/cloud/#servicedeskapi/request/ {issueIdOrKey}/attachment
However, the underlying redirection in comments to /secure/
{"thumbnail" or "attachment"}/
{commentId}/myimage.png?fromIssue=
{issueId}creates a problem for Connect Apps because Safari blocks cross-site cookies. This forces Apps to awkward and potentially unsafe proxies of the attachments.
Suggestion
Allow Jira to process attachment calls from API clients using the `ACT_AS_USER` mechanism to respect both user permissions and browser policies. And stabilize the APIs so the experimental header and label can be removed.
- is related to
-
- Closed
- causes
-
DEVHELP-5308 Failed to load
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[JSDCLOUD-4952] REST API to retrieve attachments from requests
Fetching attachments from a request is possible by using the JSM attachments APIs and traversing the response links. For example:
- Call the JSM attachment API: /rest/servicedeskapi/request/{issueIdOrKey}/attachment and note the jiraRest field from response. The content field is for use within the browser.
- From the response above, get call URL under jiraRest and note the content field in the response.
- Calling the URL for the content in the above response would fetch the attachment.
For use in browsers the {{content }}field from the 1st response above can be used. But as already noted, this may not function in Safari. One way to get around that is uncheck Prevent cross-site tracking in Safari settings:
This however should function fine in Chrome/Firefox.
Hi Jira team.
We are part of a team at Mercado Pago (from Mercado Livre) and we have implemented a service of support center so that our developer users can follow the support tickets that open with us and also interact directly through this channel.
To do this, we use the Jira API to create support issues, be able to send comments, get ticket data and comments, send attachments, and add/remove participants.
The problem we're facing is that our users can't see the images we send them and also the ones they send us, because Jira doesn't allow it without the user having a login and permission to the project.
This is extremely important to us, as the images are used to help in understanding and solving the problem, in addition to a better experience so that the user does not need to keep up with the various emails sent by jira, which information sometimes is lost .
Could you please give an attention or alternative to support us in this need?
My best regards.
Is this issue happening only for Safari or for all the other browsers?
Hello.
Rohan, the problem is not about don't be posible make the fetch of attachments but rather about the permission restriction for users of type customer.
Example of a link that needs login to see an attachament: https://mercadolibre.atlassian.net/servicedesk/customer/user/login?absolute=true&destination=%2Fplugins%2Fservlet%2Fservicedesk%2Fcustomershim%2Fsecure%2Fattachment%2F377918%2F377918_image-20210324-011506.png%3FfromIssue%3D1085671