I am using
<Avatar> from Atlaskit in my Forge Custom UI app.
I noticed, that some avatar images are not loaded properly.
This is the case, if the avatar of the user is not an image, but contains initials in a certain color. It actually should look like this.
Refused to load the image 'https://i1.wp.com/avatar-management--avatars.us-west-2.prod.public.atl-paas.net/initials/N-6.png?ssl=1' because it violates the following Content Security Policy directive: "img-src 'self' data: blob: https://secure.gravatar.com https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net https://api.atlassian.com"
I added *.wp.com to manifest so that these avatars are properly loaded and the error message disappears.
external: images: - '*.wp.com'
Is this really true? Surprised that I need to add this external, because it looks like it is Atlassian’s standard infrastructure for avatars. Or is this maybe a bug in Forge?
P.S. Surprised to see Atlassian is using wp.com, which seams to belong to WordPress?