Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-71747

Modal windows fail to appear on front-end when a cross-origin iframe is present on a page




      Issue Summary

      System functionalities like editing permissions, starting scripts, are failing to pop up the modal window in the browser. There are DOMExceptions with blocked iframe, however the domain is the same on the base URL and the resources failing to load.

      Steps to Reproduce

      You have to have an iframe present on the page. eg. go to https://confluence.atlassian.com/adminjiraserver/configuring-an-announcement-banner-938846985.html and add

      <iframe id="cross-origin-iframe" style="height: 200px;" src="http://example.com"></iframe>

      Then go to pages listed below and trigger error.

      A few examples where this problem occurs:

      1. in Admin UI, click on a Manage Permissions - Edit link, or Grant Permissions button
      2. on Sprints page, click on Start Sprint button
      3. JSD ticket image attachment functionality and the ability to edit comments on JSD tickets.

      Expected Results

      The modal window appears for the action. The resources would load normally and there is no related javascript error.

      Actual Results

      No modal window appears. Javascript errors appear in the browser console.

      (The reason for that is that AUI searches for "trigger" - also in iframes JS doesn't have permissions to)

      Exception: Uncaught SecurityError: Blocked a frame with origin "https://jira.xyz.com" from accessing a cross-origin frame.
      Resource: \[https://jira.xyz.com/s/fd44c725dede11cd9aef9ad71292ba77-CDN/\-3neea2/813000/acf4d847655d562ba7b8859ec9c6bf09/0de23a335536ffdf539e9fb39a318679/\_/download/contextbatch/js/\_super/batch.js?locale=en-US|https://jira.xyz.com/s/fd44c725dede11cd9aef9ad71292ba77-CDN/3neea2/813000/acf4d847655d562ba7b8859ec9c6bf09/0de23a335536ffdf539e9fb39a318679//download/contextbatch/js/\_super/batch.js?locale=en-US]
      Line: 319
      Column: 751
      Mozilla/5.0 \(Windows NT 10.0; Win64; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/86.0.4240.111 Safari/537.36
      Stack trace

      Application logs will also show related errors:

      2020-10-26 10:29:48,213+0000 http-nio-8080-exec-151 url:/browse/HAN-3352 username:012345 url:/secure/Project...ewWithSidebar.jspa username:012345 ERROR 012345 629x971650x1 tafjdr, /browse/HAN-3352 [c.q.q.plugins.services.PropertiesService] Cannot show iframe due to unknown error
      java.lang.IllegalStateException: Only PUT or POST methods accept a request body.
      	at com.google.common.base.Preconditions.checkState(Preconditions.java:507)
      	at com.atlassian.sal.core.net.HttpClientRequest.addRequestParameters(HttpClientRequest.java:176)
      	at com.atlassian.sal.core.net.HttpClientRequest.addRequestParameters(HttpClientRequest.java:47)
      	at com.qas.qtest.plugins.services.PropertiesService.shouldDisplay(PropertiesService.java:70)
      	at com.qas.qtest.plugins.webpanel.TestRunLinkCondition.shouldDisplay(TestRunLinkCondition.java:19)


      As mentioned in AUI-5256, AUI's trigger module may throw a DOMException when access to the iframe's document is denied. To work around it, upgrade to the latest AUI plugin in your Jira instance and verify if it solves your problem: AUI Plugin 9.1.1.


        Issue Links



              Unassigned Unassigned
              emarghidan Eduard M
              0 Vote for this issue
              22 Start watching this issue