Issue collector on workflow triggers is generating an XSRF error

XMLWordPrintable

    • 4
    • Severity 3 - Minor

      Issue Summary

      When attempting to submit feedback to Atlassian from within a Jira Cloud workflow editor (in company managed project), the issue collector is currently not able to submit the form.  It appears that there is an XSRF check that is failing here, and in turn there are several 404 errors in the browser console when attempting to do so from an atlassian.net Cloud site

      This issue collector has a title of Jira Labs feedback, and has an identifier of effe8b72

      Steps to Reproduce

      1. From a Jira Cloud site, edit a workflow in a company managed project
      2. Select a transition to edit
      3. Under the Triggers tab, there is a link called "Send feedback on triggers" to an issue collector, click it
      4. Attempt to fill out that form and submit it

      Expected Results

      Users expect that they can provide Atlassian feedback on this feature.  That issue collector should create new issues within a feedback project.

      Actual Results

      An error is thrown:

      Oops! Something went wrong...

      There was a problem submitting your feedback, likely due to the configuration of this form. You might want to contact the site owner to let them know about this issue.

      Browser web console tools show that an XSRF check failed.

      The below exception is thrown in the browser console when this happens

      Request URL: https://jira.atlassian.com/rest/collectors/1.0/template/custom/effe8b72
Request Method: POST
Status Code: 404 
Remote Address: 104.192.140.10:443
Referrer Policy: strict-origin-when-cross-origin
atl-traceid: 83f0111f7e62b811
cache-control: no-cache, no-store, no-transform
content-type: text/html;charset=UTF-8
date: Mon, 20 Mar 2023 21:28:03 GMT
expect-ct: report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/jac-gedgev2", max-age=86400
nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
server: AtlassianEdge

      Workaround

      In the meantime, it is still possible to directly visit https://jira.atlassian.com/rest/collectors/1.0/template/form/effe8b72?os_authType=none in order to submit that feedback, however this cannot be done as a popup as designed by the issue collector, instead it has to be in it's own tab to bypass the current XSRF check that is failing.

        1. workflowtrigger.png
          workflowtrigger.png
          366 kB
        2. oopserror.png
          oopserror.png
          288 kB

            Assignee:
            Unassigned
            Reporter:
            Andy Heinzer (Inactive)
            Votes:
            7 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved: