- Bug
- Resolution: Fixed
- Low
- None
- Severity 2 - Major
Issue Summary
If an anonymous user searches for something with the content search API, and the query happens to get a hit on a user, the API returns a 403 error.
Example of a search query that matches a user and returns 403 (open using a fresh incognito window):
https://refined.atlassian.net/wiki/rest/api/search?cql=title%20~%20%22emil%22%20
But if the anonymous user's search query does NOT have a user match in the result set, it returns the API results successfully (200).
Example of a non-user-matching search, returning 200 + results (open using a fresh incognito window):
https://refined.atlassian.net/wiki/rest/api/search?cql=title%20~%20"partners"%20
NOTE: This bug report is about receiving a 403 on anonymous content search API calls whenever there's a user profile match on the query. We do not expect user profile matches to be included at all on this method; however, we also expect that a user match shouldn't affect this query at all.
Steps to Reproduce
- Open an incognito window to ensure you're not logged in
- Call the content search API, searching for a title for a known username on the instance: https://refined.atlassian.net/wiki/rest/api/search?cql=title%20~%20%22emil%22%20
Expected Results
API call succeeds whether or not the query finds a user profile match.
Actual Results
403 error on CQL queries that find a hit/match on user profile.
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available.
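A regression check for the behaviour described in this report, as an added example that is not part of the original ticket or the vendor's code: it issues the report's `title ~ "..."` search without credentials and lists every term that did not return 200. The function names, the stub and the `example.atlassian.net` host are assumptions for illustration.

```python
import urllib.error
import urllib.parse
import urllib.request

SEARCH_PATH = "/wiki/rest/api/search"  # endpoint path taken from the report's URLs


def build_search_url(base_url, term):
    """Build the report's CQL query (title ~ "<term>") with full percent-encoding."""
    if '"' in term:
        # Choice made for this example: refuse terms that would break the CQL string.
        raise ValueError("search term must not contain a double quote")
    cql = 'title ~ "{}"'.format(term)
    query = urllib.parse.urlencode({"cql": cql}, quote_via=urllib.parse.quote)
    return base_url.rstrip("/") + SEARCH_PATH + "?" + query


def anonymous_status(url):
    """GET the URL with no cookies or Authorization header; return the HTTP status."""
    request = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(request, timeout=10) as response:
            return response.status
    except urllib.error.HTTPError as err:
        return err.code  # a 403 surfaces here as an exception, not a response


def check_anonymous_search(base_url, terms, fetch=anonymous_status):
    """Return {term: status} for every term whose anonymous search is not 200."""
    failures = {}
    for term in terms:
        status = fetch(build_search_url(base_url, term))
        if status != 200:
            failures[term] = status
    return failures


def stub_fetch_buggy(url):
    """Constructed stand-in for the reported behaviour: 403 when the term hits a user."""
    return 403 if "emil" in url else 200


if __name__ == "__main__":
    # Offline demonstration with the constructed stub; omit fetch= to query a real site.
    print(check_anonymous_search("https://example.atlassian.net",
                                 ["emil", "partners"], fetch=stub_fetch_buggy))
```

An empty result means every anonymous search returned 200, which is the expected result stated in the report.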
[AI-284] Confluence content search API returns 403 for anonymous users when there is a user match in results set
Component/s | Original: Search - Indexing [ 46493 ] | |
Component/s | New: Search - Indexing [ 75295 ] | |
Key | Original: | New: |
QA Demo Status | Original: Not Done [ 14330 ] | |
QA Kickoff Status | Original: Not Done [ 14234 ] | |
Project | Original: Confluence Cloud [ 18513 ] | New: Atlassian Intelligence [ 23110 ] |
Resolution | New: Fixed [ 1 ] | |
Status | Original: Gathering Impact [ 12072 ] | New: Closed [ 6 ] |
Assignee | New: David Rizzuto [ drizzuto ] |
Symptom Severity | Original: Severity 1 - Critical [ 14430 ] | New: Severity 2 - Major [ 14431 ] |
Status | Original: Needs Triage [ 10030 ] | New: Gathering Impact [ 12072 ] |
Component/s | Original: Core - APIs [ 46317 ] |
Component/s | New: Search - Indexing [ 46493 ] | |
Component/s | Original: Search - Advanced Search [ 61204 ] |
This issue has been fixed.