-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
Low
-
None
-
Affects Version/s: 7.4.0, 7.4.3
-
Component/s: Content - Attachments
-
None
-
2
-
Severity 2 - Major
Issue Summary
When a user that does not have the Attachments "Add" permission on the space, and they drag and drop a file to Confluence, a generic error is sometimes thrown.
Steps to Reproduce
- Install Confluence 7.4.0
- Setup permissions as shown here: spaceperms.png
- With a user that only belongs to confluence-users go to a page on that space
- When viewing the page (not in the editor), drag and drop an attachment to Confluence of small size (less than 1mb)
- Then upload a larger attachment (50mb+)
Expected Results
The following error should be returned right away:
You'll need to ask for permission to insert files here.
This error is usually thrown when uploading small files.
Actual Results
The below exception is thrown in the browser:
The dialog window will also show an upload "in progress", and show a progress bar, even if the user does not have permissions to upload to any page on the space. Eventually it throws the "server cannot be reached" error
Notes
This behavior is intermittent. Sometimes it works and throws the appropriate permission error, and sometimes it cannot be replicated. The following has been tried to workaround this issue:
- Tested in multiple browsers
- Reset server.xml to make sure the default is being used
- Removed protocol="org.apache.coyote.http11.Http11Nio2Protocol" from server.xml
- Flushed browser and Confluence cache
- Multiple file formats (zip, png, jpg, mp4, etc.)
Regardless of the error, the file will not be uploaded if you do not have permission. So this should not pose any security risks.
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
