While uploading an attachment during issue creation as anonymous user throws an error saying "You are not authorized, the session has expired or connection is lost."

Issue Summary

While uploading an attachment during issue creation as an anonymous user throws an error saying "You are not authorized, the session has expired or connection is lost" though the "Browse Project", "create issues" and "create attachments" permissions to "Anyone on the web" group was given to "Anyone on the web".

Note: This was working till 8.7.0 without issues.

Steps to Reproduce

1. Choose a project
2. Goto Project settings > Permissions and click on "Edit permissions"
3. Grant "Browse Project", "create issues" and "create attachments" permissions to "Anyone on the web" under group permissions.
4. Try to access the project as an anonymous user it works, try to create an issue without an attachment it works
   • However, if you try to upload an attachment issue creation fails with an error saying "You are not authorized, the session has expired or connection is lost"

Expected Results

The issue should be created without any errors

Actual Results

The issue creation fails with an error saying "You are not authorized, the session has expired or connection is lost"

Workaround

As a workaround, we can add attachments using REST API as through GUI it's not working.

curl -D- -u {username}:{password} -X POST -H "X-Atlassian-Token: nocheck" -F "file=@{path/to/file}" http://{base-url}/rest/api/2/issue/{issue-key}/attachments

As the anonymous users will not have any user ID & password we tried to remove -u{username}:{password} and ran the command like below and it works

Example:

curl -D- -X POST -H "X-Atlassian-Token: no-check" -F "file=@/Users/dgedda/Desktop/Screenshot 2020-06-18 at 8.12.48 PM.png" http://localhost:8881/j881/rest/api/2/issue/TEST-1/attachments

 For more information, please go through our documentation for How to add an attachment to a JIRA issue using REST API & Server - add attachment.