Details
-
Suggestion
-
Resolution: Fixed
-
None
Description
The problem is that when sending the screenshot imahe the screenshot applet has the User-Agent HTTP header set to the Java Plugin, as it should. Crowd, while trying to be ultra secure hashes the user's cookie based on a few things, but also based on the User-Agent. So when using the Crowd's SSO solution, and sending the screenshot, the screenshot's request does not get validated and the user gets logged out.
Therefore, with Crowd's SSO, it is not possible to attach screenshots to JIRA.
The fix is to make the applet fake the user agent. However, we cannot hard code the user agent, it needs to be the same string as what the user's web browser sends. So we will need to parametrise it. We need to read the value of the "User-Agent" header on the request that is sent to show the applet. Then pass this value to the applet by adding another parameter in the attachscreenshot.jsp.
When adding the parameter please remember that it needs to be added in 2 sections. Once for the OBJECT tag and another for the EMBED tag.
Then we need to add code to the applet that calls connection.setRequestProperty() and sets the "User-Agent" HTTP header to the value that was passed in as a param. See how the applet sets the Content-type HTTP header.
Please test the solution works on Windows and Mac (Firefox and Safari).
Attachments
Issue Links
- causes
-
CWD-400 JIRA attach screenshot does not write file to the filesystem when Crowdified.
- Closed