Hi there,
I noticed this problem still exists. Here is how the Avatar looks in our app when the user has not added a profile image:
While on the same screen, Jira renders these avatars in the following way, defaulting to an auto-generated image, based on the user’s initials:
Notice the image URL is exactly the same, however the problem is the following Content Security Policy error as can be seen in the Browser console:
What is worse is that in Safari browsers the Avatar isn’t displayed at all when this happens, only the tooltip shows on mouse-over:
I am considering @pauls workaround but it doesn’t make sense opening up access to all images on these servers.
Because the purpose of CSP is to restrict access to only what is needed by the app and I don’t want users to have to accept “exchanging data” with all of the following services when going through the “Allow access” - prompt.
@danielwinterw or @kchan can you look into this?
This is similar to this issue resolved previously and it seems the solution is to whitelist all URLs necessary, so the ‘@atlaskit/avatar’ component works as expected for all Forge apps - rather than adding these URLs to every app manifest’?