Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-71747

Modal windows fail to appear on front-end when a cross-origin iframe is present on a page

    XMLWordPrintable

    Details

      Description

      Issue Summary

      System functionalities like editing permissions, starting scripts, are failing to pop up the modal window in the browser. There are DOMExceptions with blocked iframe, however the domain is the same on the base URL and the resources failing to load.

      Steps to Reproduce

      You have to have an iframe present on the page. eg. go to https://confluence.atlassian.com/adminjiraserver/configuring-an-announcement-banner-938846985.html and add

      <iframe id="cross-origin-iframe" style="height: 200px;" src="http://example.com"></iframe>
      

      Then go to pages listed below and trigger error.

      A few examples where this problem occurs:

      1. in Admin UI, click on a Manage Permissions - Edit link, or Grant Permissions button
      2. on Sprints page, click on Start Sprint button
      3. JSD ticket image attachment functionality and the ability to edit comments on JSD tickets.

      Expected Results

      The modal window appears for the action. The resources would load normally and there is no related javascript error.

      Actual Results

      No modal window appears. Javascript errors appear in the browser console.

      (The reason for that is that AUI searches for "trigger" - also in iframes JS doesn't have permissions to)

      Exception: Uncaught SecurityError: Blocked a frame with origin "https://jira.xyz.com" from accessing a cross-origin frame.
      Resource: \[https://jira.xyz.com/s/fd44c725dede11cd9aef9ad71292ba77-CDN/\-3neea2/813000/acf4d847655d562ba7b8859ec9c6bf09/0de23a335536ffdf539e9fb39a318679/\_/download/contextbatch/js/\_super/batch.js?locale=en-US|https://jira.xyz.com/s/fd44c725dede11cd9aef9ad71292ba77-CDN/3neea2/813000/acf4d847655d562ba7b8859ec9c6bf09/0de23a335536ffdf539e9fb39a318679//download/contextbatch/js/\_super/batch.js?locale=en-US]
      Line: 319
      Column: 751
      Environment
      Mozilla/5.0 \(Windows NT 10.0; Win64; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/86.0.4240.111 Safari/537.36
      Stack trace
      

      Application logs will also show related errors:

      2020-10-26 10:29:48,213+0000 http-nio-8080-exec-151 url:/browse/HAN-3352 username:012345 url:/secure/Project...ewWithSidebar.jspa username:012345 ERROR 012345 629x971650x1 tafjdr 51.175.141.225,10.210.229.52 /browse/HAN-3352 [c.q.q.plugins.services.PropertiesService] Cannot show iframe due to unknown error
      java.lang.IllegalStateException: Only PUT or POST methods accept a request body.
      	at com.google.common.base.Preconditions.checkState(Preconditions.java:507)
      	at com.atlassian.sal.core.net.HttpClientRequest.addRequestParameters(HttpClientRequest.java:176)
      	at com.atlassian.sal.core.net.HttpClientRequest.addRequestParameters(HttpClientRequest.java:47)
      	at com.qas.qtest.plugins.services.PropertiesService.shouldDisplay(PropertiesService.java:70)
      	at com.qas.qtest.plugins.webpanel.TestRunLinkCondition.shouldDisplay(TestRunLinkCondition.java:19)
      	

      Workaround

      As mentioned in AUI-5256, AUI's trigger module may throw a DOMException when access to the iframe's document is denied. To work around it, upgrade to the latest AUI plugin in your Jira instance and verify if it solves your problem: AUI Plugin 9.1.1.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              emarghidan Eduard M
              Votes:
              0 Vote for this issue
              Watchers:
              19 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: