Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-16626

Profile images throughout Confluence are broken when anonymous view profile permission is off

XMLWordPrintable

      Steps to reproduce:

      1. Upload a profile image
      2. Make a change in a public space
      3. Modify global permissions so that anonymous doesn't have access to user profiles
      4. Log out
      5. Go to the dashboard

      A broken image will be present next to your user name in the recently updated section.

      In firefox this is issue is not visible (broken image just doesn't render), but in Safari and possibly IE there is a broken image placeholder rendered instead of the image.

      The same issue affects comments on wiki pages which will most likely affect more users than the dashboard alone.

      An unfortunate side effect of this bug a significant performance penalty that is a result of http redirection to the login page and retrieval of this page for all links to profile images. Under normal circumstances all profile images are cached in the browser, so this is not an issue. Browsers however won't cache 302 redirections.

        1. broken-profile-image.png
          broken-profile-image.png
          2 kB
        2. firefox.png
          firefox.png
          6 kB
        3. ie.png
          ie.png
          9 kB

            [CONFSERVER-16626] Profile images throughout Confluence are broken when anonymous view profile permission is off

            Katrina Walser (Inactive) added a comment -

            This has been fixed under CONF-19257

            Katrina Walser (Inactive) added a comment - This has been fixed under CONF-19257

            Azwandi Mohd Aris (Inactive) added a comment -

            In Confluence 3.1, Firefox just ignore the image, hence, it looks pretty fine. In IE7, it renders as broken image.

            Apart from dashboard, comments are also affected.

            Azwandi Mohd Aris (Inactive) added a comment - In Confluence 3.1, Firefox just ignore the image, hence, it looks pretty fine. In IE7, it renders as broken image. Apart from dashboard, comments are also affected.

            Igor Minar added a comment -

            Hi Anatoli,

            I was able to work around the problem by giving anonymous the view profile permission and patching the view profile action class and restricting the access there.

            So it isn't that urgent for us, but I can imagine that any other bigger instance that restricts access to profiles (we did it because of spam) doesn't patch Confluence will be affected.

            cheers,
            Igor

            Igor Minar added a comment - Hi Anatoli, I was able to work around the problem by giving anonymous the view profile permission and patching the view profile action class and restricting the access there. So it isn't that urgent for us, but I can imagine that any other bigger instance that restricts access to profiles (we did it because of spam) doesn't patch Confluence will be affected. cheers, Igor

            Anatoli added a comment -

            Hi Igor,

            Thanks for reporting this bug. Indeed we don't check 'View User Profiles' permission for anonymous users and always try to display a profile pic.

            How urgent is this bug for you?

            Anatoli.

            Anatoli added a comment - Hi Igor, Thanks for reporting this bug. Indeed we don't check 'View User Profiles' permission for anonymous users and always try to display a profile pic. How urgent is this bug for you? Anatoli.

              akdominguez Katrina Walser (Inactive)
              15d9a6950818 Igor Minar
              Affected customers:
              6 This affects my team
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: