-
Bug
-
Resolution: Timed out
-
Low
-
8
-
Severity 2 - Major
-
Summary
Anonymous Users are unable to upload Attachment when Creating Issues in a Publicly Accessible Project in Jira
Environment
- Cloud
Steps to Reproduce
- Update the Permissions to a Jira Project so that Anonymous Users can Create and Add Attachments (eg Create Issue and Create Attachment Permission for Group Anyone)
- As an Anonymous User, try to upload an Attachment during the Issue Creation (https://INSTANCE.atlassian.net/secure/CreateIssue.jspa)
Expected Results
Attachment Uploads or a message is shown stating Attachment Upload Status
Actual Results
No Errors are shown screen, however viewing the Browser Console
batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1171 GET https://INSTANCE.atlassian.net/rest/api/2/attachment/upload/project/10001/credentials 404 ()
window.fetch @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1171
j @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147
Promise resolved (async)
T @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147
Promise resolved (async)
(anonymous) @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147
get @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147
Promise resolved (async)
getTemporaryAttachmentUploadToken @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147
(anonymous) @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1156
t @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147
r @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1156
t @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1161
value @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1155
onFilesAdded @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1159
i.fire @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160
(anonymous) @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160
setTimeout (async)
f @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160
c @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160
(anonymous) @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160
batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147 token_fetch_fail: {}
Error
at Object.t.handleError (https://d8baqcx46fbgi.cloudfront.net/atl-vertigo--shard-jira-prod-us-12--3--jres.atlassian.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/ak8tew/b/1/e0bf089fd01d43fabc02e3fd96d9dcec/_/download/contextbatch/js/jira.create.issue,atl.general,jira.global,jira.general,atl.global,-_super/batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147:29442)
at e.value (https://d8baqcx46fbgi.cloudfront.net/atl-vertigo--shard-jira-prod-us-12--3--jres.atlassian.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/ak8tew/b/1/e0bf089fd01d43fabc02e3fd96d9dcec/_/download/contextbatch/js/jira.create.issue,atl.general,jira.global,jira.general,atl.global,-_super/batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160:319)
at https://d8baqcx46fbgi.cloudfront.net/atl-vertigo--shard-jira-prod-us-12--3--jres.atlassian.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/ak8tew/b/1/e0bf089fd01d43fabc02e3fd96d9dcec/_/download/contextbatch/js/jira.create.issue,atl.general,jira.global,jira.general,atl.global,-_super/batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1159:27358
at <anonymous>
Notes
Found that if Group Anyone has Browse Project permissions in the project, they are able to upload attachments; this would not be recommended if Jira is being used as an anonymous collection/feedback tool
Workaround
None
- relates to
-
CRANE-1521 Loading...