Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-31885

Uppercase Image File Extensions Cause Broken Images in IE due to nosniff Header

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: Medium Medium
    • None
    • 5.1.2, 5.2.7
    • None
    • 5.01
    • 4
    • Severity 2 - Major
    • 0
    • Hide
      Atlassian Update – 31-10-2018

      Hi everyone,

      We have recently reviewed this issue and the overall interest in the problem. As the issue hasn't collect votes, watchers, comments, or support cases from many customers during its lifetime, it's very low on our priority list, and will not be fixed in the foreseeable future. That's why we've decided to resolve it as Won't Fix.

      Although we're aware the issue is still important to those of you who were involved in the conversations around it, we want to be clear in managing your expectations. The Jira team is focusing on issues that have broad impact and high value, reflected by the number of comments, votes, support cases, and customers interested. Please consult the Atlassian Bugfix Policy for more details.

      We understand how disappointing this decision may be, but we hope you'll appreciate our transparent approach and communication.
      Atlassian will continue to watch this issue for further updates, so please feel free to share your thoughts in the comments.

      Thank you,
      Ignat Alexeyenko
      Jira Bugmaster

      Show
      Atlassian Update – 31-10-2018 Hi everyone, We have recently reviewed this issue and the overall interest in the problem. As the issue hasn't collect votes, watchers, comments, or support cases from many customers during its lifetime, it's very low on our priority list, and will not be fixed in the foreseeable future. That's why we've decided to resolve it as Won't Fix . Although we're aware the issue is still important to those of you who were involved in the conversations around it, we want to be clear in managing your expectations. The Jira team is focusing on issues that have broad impact and high value, reflected by the number of comments, votes, support cases, and customers interested. Please consult the Atlassian Bugfix Policy for more details. We understand how disappointing this decision may be, but we hope you'll appreciate our transparent approach and communication. Atlassian will continue to watch this issue for further updates, so please feel free to share your thoughts in the comments. Thank you, Ignat Alexeyenko Jira Bugmaster

      The X-Content-Type-Options:nosniff setting was introduced in JIRA 5.1.2 to resolve a security vulnerability: https://jira.atlassian.com/browse/JRA-27506

      Since introduced, this causes image files not to render properly in IE if the file extension is uppercase.

      Steps to Reproduce
      1. Copy 2 image files into the $JIRA_INTALL/atlassian-jira/images folder of a JIRA 5.1.2 instance or higher
        • Make sure one file has an uppercase file extension and the other, lowercase
        • For example: test1.GIF and test2.gif
      2. Edit the announcement banner and enter following html for testing purposes (replacing JIRAHOST:PORT with the proper values) 
        <html>
    <body>
        <h1>Uppercase File Extension</h1>
        <img src="http://JIRAHOST:PORT/images/test1.GIF"></img> 
        <br>
        <h1>Lowercase File Extension</h1>
        <img src="http://JIRAHOST:PORT/images/test2.gif"></img>
    </body>
</html>
      3. Access JIRA with IE
      Expected Results

      Both images should be displayed in the announcement banner

      Actual Results

      Only the image with the lowercase file extension is rendered properly

        1. uppercasetest.png
          uppercasetest.png
          141 kB

              Unassigned Unassigned
              cshim ChrisA
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: