[Jira] Fix attachment image URLs in issue details

[mturac]

Summary

• Fixes [Jira]... #27521
• Handle absolute Jira attachment image URLs in rendered issue descriptions
• Preserve OAuth requests through the Atlassian API proxy while keeping site/API-token URLs unchanged

Validation

• npm install --no-audit --no-fund
• npm run lint
• npm run build
• git diff --check

[raycastbot]

Thank you for your contribution! 🎉

🔔 @thomaslombart @FezVrasta @teziovsky @gavinroderick @michael-par @literallyjustroy @mheidinger @luarmr @horumyy @rsperezn @Silv-1 @EyLuismi @pernielsentikaer @BehnH @JokeyChen @Murreey @erayack @0xdhrv @dytsou you might want to have a look.

You can use this guide to learn how to check out the Pull Request locally in order to test it.

📋 Quick checkout commands

BRANCH="fix/27521-jira-attachment-content-url"
FORK_URL="https://github.com/mturac/extensions.git"
EXTENSION_NAME="jira"
REPO_NAME="extensions"

git clone -n --depth=1 --filter=tree:0 -b $BRANCH $FORK_URL
cd $REPO_NAME
git sparse-checkout set --no-cone "extensions/$EXTENSION_NAME"
git checkout
cd "extensions/$EXTENSION_NAME"
npm install && npm run dev

We're currently experiencing a high volume of incoming requests. As a result, the initial review may take up to 10-15 business days.

[greptile-apps]

Greptile Summary

This PR fixes Jira issue details failing to load when a description contains absolute attachment image URLs by introducing resolveAuthenticatedImageUri, which correctly routes relative URLs, Atlassian-tenant URLs, and OAuth API-proxy URLs while blocking credential forwarding to non-Atlassian hosts.

• Adds resolveAuthenticatedImageUri to handle the full range of URL forms Jira can embed in rendered descriptions, with a host-allowlist guard (api.atlassian.com / *.atlassian.net) to prevent OAuth bearer tokens from reaching external domains.
• Wraps the getAuthenticatedUri call in a try/catch so a single failing image no longer aborts the entire description render.
• Updates the CHANGELOG with the new bug-fix entry.

Confidence Score: 4/5

The core fix is sound for the common cases, but the OAuth proxy rewriting only covers /rest/ paths, leaving attachment thumbnail URLs on tenant domains unrouted — a gap already flagged in prior review threads that remains unaddressed.

The host-allowlist correctly stops bearer tokens from leaking to non-Atlassian domains. However, in OAuth mode, absolute tenant URLs whose paths don't start with /rest/ (e.g. /secure/thumbnail/…) fall through to return uri and are sent directly to the tenant domain rather than the api.atlassian.com proxy, where they will fail with a 401. This gap was raised in a previous review thread and is still present in the merged code.

extensions/jira/src/components/IssueDetail.tsx — the resolveAuthenticatedImageUri function's OAuth proxy branch only rewrites /rest/ paths, leaving /secure/ attachment URLs unhandled.

Important Files Changed

Filename	Overview
extensions/jira/src/components/IssueDetail.tsx	Introduces resolveAuthenticatedImageUri to safely handle relative, tenant-absolute, and OAuth-proxy image URLs; correctly guards against credential forwarding to non-Atlassian hosts, but OAuth mode skips proxy rewriting for non-/rest/ paths (e.g. /secure/thumbnail/…) — already noted in prior review threads.
extensions/jira/CHANGELOG.md	New bug-fix entry uses a hardcoded date (2026-05-18) instead of the required {PR_MERGE_DATE} placeholder.

Prompt To Fix All With AI

Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
extensions/jira/CHANGELOG.md:3-7
The new changelog entry uses a hardcoded date instead of the `{PR_MERGE_DATE}` placeholder required by the project convention. The merge date should be populated automatically at merge time, not set manually.

```suggestion
## [Bug Fix] - {PR_MERGE_DATE}

- Fixed issue details failing to load when descriptions include absolute Jira attachment image URLs

## [Bug Fix] - 2026-05-18
```

_{Reviews (6): Last reviewed commit: "Update CHANGELOG.md" | Re-trigger Greptile}

[pernielsentikaer]

Looks good to me, approved 🔥

[github-actions]

Published to the Raycast Store:
https://raycast.com/raycast/jira

[raycastbot]

🎉 🎉 🎉

Such a great contribution deserves a reward, but unfortunately we couldn't find your Raycast account based on your GitHub username (@mturac).

Please link your GitHub account to your Raycast account to receive your credits and soon be able to exchange them for some swag.