Cannot load image from atlassian.net even though csp policy is set

Hello everyone,

I have been trying to get the Issue priority icons (e.g https://[MY-DOMAIN].atlassian.net/images/icons/priorities/medium.svg).
For this i added the following to my manifest yml:

permissions:
  scopes:
    - write:jira-work
    - read:jira-work
    - storage:app
  content:
    styles:
      - 'unsafe-inline'
  external:
    images:
      - 'https://i1.wp.com'
      - '*.atlassian.net'

But when running the app i still get the following error:
Refused to load the image ‘icon/16px/medium-priority’ because it violates the following Content Security Policy directive: “img-src ‘self’ data: blob: https://secure.gravatar.com https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net https://api.atlassian.com https://i1.wp.com”.

The images source which i have added in the manifest (‘*.atlassian.net’) does not work. According to this resource it should work like this
https://developer.atlassian.com/platform/forge/add-content-security-and-egress-controls/

How can I fix this issue ?

Thanks in advance

Best regards,
Mathias

@MathiasHausleithner,
Did you manage to get the ‘*.atlassian.net’ working? I get a CSP error

I am experiencing the same issue. I would appreciate any findings on this.

I had the same problem and I’ve noticed that the images within atlassian domain are redirected, see the screenshot:

Screenshot 2023-05-01 at 15.20.48876×452 44.3 KB

I’ve configured my manifest.yml for both domains and it solved the problem:

permissions:
  external:
    images:
      - https://your-domain.atlassian.net
      - https://api.media.atlassian.com

Another thing I found is that the wildcards weren’t working, but entering a domain with protocol worked just fine.

Try with just domain (like in the snippet above), no quotes, no slash at the end. Hope that helps!

Unfortunately, service desk issue type icons do not seem to have a redirect to api.media.atlassian.com.

image1117×516 19.3 KB