[JRASERVER-71212] While uploading an attachment during issue creation as anonymous user throws an error saying "You are not authorized, the session has expired or connection is lost."

      Issue Summary

      Uploading an attachment during issue creation as an anonymous user throws an error saying "You are not authorized, the session has expired or connection is lost", even though the "Browse Project", "create issues" and "create attachments" permissions were granted to the "Anyone on the web" group.

      Note: This was working till 8.7.0 without issues.

      Steps to Reproduce

      1. Choose a project
      2. Go to Project settings > Permissions and click on "Edit permissions"
      3. Grant "Browse Project", "create issues" and "create attachments" permissions to "Anyone on the web" under group permissions.
      4. Try to access the project as an anonymous user: it works. Try to create an issue without an attachment: it works.
        • However, if you try to upload an attachment, issue creation fails with an error saying "You are not authorized, the session has expired or connection is lost"

      Expected Results

      The issue should be created without any errors

      Actual Results

      The issue creation fails with an error saying "You are not authorized, the session has expired or connection is lost"

      Workaround

      As a workaround, attachments can be added using the REST API, since adding them through the GUI is not working.

      curl -D- -u {username}:{password} -X POST -H "X-Atlassian-Token: nocheck" -F "file=@{path/to/file}" http://{base-url}/rest/api/2/issue/{issue-key}/attachments
      

      As anonymous users do not have a user ID and password, we removed -u {username}:{password} and ran the command as shown below, and it works.

      Example:

      curl -D- -X POST -H "X-Atlassian-Token: no-check" -F "file=@/Users/dgedda/Desktop/Screenshot 2020-06-18 at 8.12.48 PM.png" http://localhost:8881/j881/rest/api/2/issue/TEST-1/attachments

      For more information, please go through our documentation: "How to add an attachment to a JIRA issue using REST API" and "Server - add attachment".
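
Added example, not part of the issue report or Atlassian's code: with anonymous uploads going through the REST endpoint as in the workaround above, this script tallies successful unauthenticated POSTs to the attachments resource per client IP from an HTTP access log. The field layout (client IP, request id, username with "-" for anonymous, timestamp, request line, status) is an assumption about the log pattern, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: tally anonymous attachment uploads from an HTTP access log.
# Assumed line layout (adjust field numbers if your log pattern differs):
#   ip request-id username [timestamp tz] "METHOD path HTTP/x" status ...
# username is "-" when the request carried no authenticated user.

# anon_attachment_uploads [FILE...]
# Prints "count ip" for successful anonymous POSTs to
# /rest/api/2/issue/{issue-key}/attachments, highest count first.
anon_attachment_uploads() {
    awk '
        {
            method = $6; sub(/^"/, "", method)
            path = $7;   sub(/[?].*$/, "", path)   # drop any query string
        }
        method == "POST" && $3 == "-" && $9 ~ /^2/ &&
        path ~ "/rest/api/2/issue/[^/]+/attachments/?$" {
            hits[$1]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample lines (not real traffic).
sample_log() {
    cat <<'EOF'
203.0.113.7 1212x101x1 - [18/Jun/2020:20:12:48 +0000] "POST /j881/rest/api/2/issue/TEST-1/attachments HTTP/1.1" 200 512 41
203.0.113.7 1213x102x1 - [18/Jun/2020:20:13:02 +0000] "POST /j881/rest/api/2/issue/TEST-2/attachments HTTP/1.1" 200 498 39
198.51.100.4 1214x103x1 alice [18/Jun/2020:20:14:10 +0000] "POST /j881/rest/api/2/issue/TEST-1/attachments HTTP/1.1" 200 505 37
198.51.100.9 1215x104x1 - [18/Jun/2020:20:15:30 +0000] "POST /j881/rest/api/2/issue/TEST-3/attachments HTTP/1.1" 403 120 12
192.0.2.15 1216x105x1 - [18/Jun/2020:20:16:44 +0000] "GET /j881/rest/api/2/issue/TEST-1 HTTP/1.1" 200 2048 20
192.0.2.15 1217x106x1 - [18/Jun/2020:20:17:05 +0000] "POST /j881/rest/api/2/issue/TEST-1/attachments HTTP/1.1" 200 530 44
EOF
}

# Scan the log files given as arguments, or the constructed sample if none.
if [ "$#" -gt 0 ]; then
    anon_attachment_uploads "$@"
else
    sample_log | anon_attachment_uploads
fi
```

The authenticated upload, the rejected 403 request and the GET are excluded, so only clients that actually stored a file without a session are counted.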

            Radhika Shinde added a comment - 9.12.2 Jira Datacenter version is also affected

            Rodolfo So added a comment - Any update on this? Is there any workaround for this?

            Matthew Frey added a comment - What is the status on this issue?  It shows gathering impact, but it seems like tens of thousands of anonymous users impacted, the impact is pretty clear.  Was this fixed in a new release?  We are using Jira Data Center 8.20.6, but still seeing the issue.

            raj-kumar2 added a comment - Can this be fixed as a priority? We have a business requirement to allow clients to be able to add attachments anonymously.

            Christian Sprenger added a comment (edited) - comment deleted due to bug of uploading screenshots

            billing added a comment - Problem was fixed by removing the session check in JavaScript (before uploading attachments) and adding the header X-Atlassian-Token=no-check for attachment XHR requests.

            Christian Sprenger added a comment (edited) - As no one (Anonymous) can use Jira without uploading/adding attachments/screenshots, Jira Server is useless. We'll move to a different platform, as Jira Server will also not be available any longer.

            Nicolas Esteves added a comment - It looks like anonymous users can't see thumbnails. I'm not sure this is directly related, but I wouldn't be surprised if the root cause is the same...

            Scott Boisvert added a comment (edited) - This affects Data Center as well on version 8.12.2 and is not just related to creation of an issue. This happens when an anonymous user attempts to edit the issue as well.

            Noni Khutane added a comment - Our Jira DC users are starting to notice this issue as well

              Assignee: Unassigned
              Reporter: Devisree Gedda (dgedda@atlassian.com)
              Affected customers: 39
              Watchers: 41