Jira avatars: Missing CORS Header Access-Control-Allow-Origin


I’m developing an Addon for Firefox, and I try to display Jira Avatar on a Github based on ticket related to my Pull Request.

So I get an avatar in the REST call https://myproject.atlassian.net/rest/api/latest/issue/AA-1234 with assignee.avatarUrls.16x16, and I create a with the url as src. The issue is that Github does not allow it due to his CSP img-src

So I tried to fetch the image, convert it into base64 data, which is allowed into Github.
But due to missing CORS Header Access-Control-Allow-Origin, I can’t :

Test code: Edit fiddle - JSFiddle - Code Playground

Do you know why this is missing?

1 Like

Isn’t there a “Whitelist” or “Approved domains” configuration in the Jira admin or in admin.atlassian.com?

Generally, sites that require CORS approval can be registered in the admin. It’s available on Server and I believe I had already seen it on the Cloud, except I don’t find this setting anymore.

I didn’t find something like that.
The url I try to fetch is not a private one with https://myproject.atlassian.net. It’s the public CDN for avatars