Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-12619

Adding projects to smart mirror using different domain results in "Failed to add projects" error

      Issue Summary

      When using Google Chrome to add projects to a mirror that is hosted on a different domain, the project add fails with the error:

      "Failed to add projects. Some projects could not be added. Please refresh the page and try again."

      Steps to Reproduce

      1. Set up a Bitbucket Data Center instance hosted on mybitbucket.com
      2. Set up a smart mirror hosted on mybitbucketmirror.com, and register it with the above upstream Bitbucket instance
      3. Navigate to the mirror's configuration under Admin > Mirrors > Click mirror name
      4. Search for and then attempt to add a project to be synchronized to the mirror

      Expected Results

      The project is added without issue.

      Actual Results

      The following error is thrown:

      "Failed to add projects. Some projects could not be added. Please refresh the page and try again."

      Reviewing the call to https://mybitbucketmirror.com/rest/mirroring/latest/upstreamServers/<upstreamServerID>/settings/projects in the developer console shows the following payload returned alongside a 401 Unauthorized HTTP status code:

      {
        "errors": [
          {
            "context": null,
            "message": "You are not permitted to access this resource",
            "exceptionName": "com.atlassian.bitbucket.AuthorisationException"
          }
        ]
      }
      

      Lastly, in the JavaScript console the following warning can be found:

      A cookie associated with a cross-site resource at https://mybitbucketmirrror.com/ was set without the `SameSite` attribute. 
      It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. 
      You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

      Workaround

      Navigate to "chrome://flags/#same-site-by-default-cookies" (or chrome://flags/#schemeful-same-site) within Google Chrome and then set the behavior there to 'Disabled'. Then proceed to restart Google Chrome ("chrome://restart") and attempt to add a project to the mirror.

      Other information on this error alongside suggested workaround steps can be found in this knowledge article.

          Form Name

            [BSERV-12619] Adding projects to smart mirror using different domain results in "Failed to add projects" error

            This issue was caused by browsers rejecting the BITBUCKETSESSIONID cookie, as in older versions of Bitbucket Data Center the SameSite attribute was not being added. Some browsers, Chrome 80+ for example, would see that the attribute was missing, and add a default value, which could sometimes lead to the browser then rejecting the cookie if the url of the mirror was different.

            I have confirmed that as of Bitbucket Data Center 6.10.11, the SameSite attribute is being added to the cookie correctly. I have also confirmed that the issue does not occur over secure connections, which is the only way mirrors can be configured. The issue may be caused by a corrupted BITBUCKETSESSIONID cookie, so I would suggest clearing the cookies and upgrading to the latest bugfix version. 

            Ben Longhurst (Inactive) added a comment - - edited This issue was caused by browsers rejecting the BITBUCKETSESSIONID cookie, as in older versions of Bitbucket Data Center the SameSite attribute was not being added. Some browsers, Chrome 80+ for example, would see that the attribute was missing, and add a default value, which could sometimes lead to the browser then rejecting the cookie if the url of the mirror was different. I have confirmed that as of Bitbucket Data Center 6.10.11, the SameSite attribute is being added to the cookie correctly. I have also confirmed that the issue does  not occur over secure connections, which is the only way mirrors can be configured. The issue may be caused by a corrupted BITBUCKETSESSIONID cookie, so I would suggest clearing the cookies and upgrading to the latest bugfix version. 

            Workaround is greatly appreciated

             

            Radu Biolan added a comment - Workaround is greatly appreciated  

              8f36004e07e8 Milly Wilson
              eslaughter@atlassian.com Evan Slaughter
              Affected customers:
              5 This affects my team
              Watchers:
              23 Start watching this issue

                Created:
                Updated:
                Resolved: