Uploaded image for project: 'Jira Service Management Cloud'
  1. Jira Service Management Cloud
  2. JSDCLOUD-9544

Session cookie auth does not work cross-site in Chrome for portal-only customers

XMLWordPrintable

      Issue Summary

      Portal-only customers cannot authenticate cross-site requests to the JSM public API (e.g. to /rest/servicedeskapi/knowledgebase/article?query=article) using session-cookie-based auth in Chrome.

      This is likely due to recent changes in Chrome to phase out third-party cookie usage (similar to what Safari has done: https://jira.atlassian.com/browse/JSDCLOUD-9287) in Chrome by 2022.

      For now, this issue can be fixed by explicitly setting the `SameSite` value for customer account session cookies.

      References:

      Steps to Reproduce

      1. Set up a service project in JSM with knowledge base
      2. Create a portal-only user with access as a customer on this service project
      3. Try to search and view the knowledge base authenticated as the portal-only customer from within a third party app (e.g. Refined Theme).

      Expected Results

      The portal-only customer can view the knowledge base article (same as an Atlassian account)

      Actual Results

      The user sees an error that "The action requires a logged in user. Please log in and try again." The API request fails with a 401 response.

      Workaround

      Use a different browser (e.g. Firefox).

              Unassigned Unassigned
              aolrich Andrea
              Votes:
              10 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated:
                Resolved: