Details
-
Bug
-
Resolution: Timed out
-
Low
-
8
-
Severity 2 - Major
-
Description
Summary
Anonymous Users are unable to upload Attachment when Creating Issues in a Publicly Accessible Project in Jira
Environment
- Cloud
Steps to Reproduce
- Update the Permissions to a Jira Project so that Anonymous Users can Create and Add Attachments (eg Create Issue and Create Attachment Permission for Group Anyone)
- As an Anonymous User, try to upload an Attachment during the Issue Creation (https://INSTANCE.atlassian.net/secure/CreateIssue.jspa)
Expected Results
Attachment Uploads or a message is shown stating Attachment Upload Status
Actual Results
No Errors are shown screen, however viewing the Browser Console
batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1171 GET https://INSTANCE.atlassian.net/rest/api/2/attachment/upload/project/10001/credentials 404 () window.fetch @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1171 j @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147 Promise resolved (async) T @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147 Promise resolved (async) (anonymous) @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147 get @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147 Promise resolved (async) getTemporaryAttachmentUploadToken @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147 (anonymous) @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1156 t @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147 r @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1156 t @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1161 value @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1155 onFilesAdded @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1159 i.fire @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160 (anonymous) @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160 setTimeout (async) f @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160 c @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160 (anonymous) @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160 batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147 token_fetch_fail: {} Error at Object.t.handleError (https://d8baqcx46fbgi.cloudfront.net/atl-vertigo--shard-jira-prod-us-12--3--jres.atlassian.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/ak8tew/b/1/e0bf089fd01d43fabc02e3fd96d9dcec/_/download/contextbatch/js/jira.create.issue,atl.general,jira.global,jira.general,atl.global,-_super/batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147:29442) at e.value (https://d8baqcx46fbgi.cloudfront.net/atl-vertigo--shard-jira-prod-us-12--3--jres.atlassian.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/ak8tew/b/1/e0bf089fd01d43fabc02e3fd96d9dcec/_/download/contextbatch/js/jira.create.issue,atl.general,jira.global,jira.general,atl.global,-_super/batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160:319) at https://d8baqcx46fbgi.cloudfront.net/atl-vertigo--shard-jira-prod-us-12--3--jres.atlassian.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/ak8tew/b/1/e0bf089fd01d43fabc02e3fd96d9dcec/_/download/contextbatch/js/jira.create.issue,atl.general,jira.global,jira.general,atl.global,-_super/batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1159:27358 at <anonymous>
Notes
Found that if Group Anyone has Browse Project permissions in the project, they are able to upload attachments; this would not be recommended if Jira is being used as an anonymous collection/feedback tool
Workaround
None
Attachments
Issue Links
- relates to
-
CRANE-1521 Loading...