Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-71747

Modal windows fail to appear on front-end when a cross-origin iframe is present on a page

XMLWordPrintable

      Issue Summary

      System functionalities like editing permissions, starting scripts, are failing to pop up the modal window in the browser. There are DOMExceptions with blocked iframe, however the domain is the same on the base URL and the resources failing to load.

      Steps to Reproduce

      You have to have an iframe present on the page. eg. go to https://confluence.atlassian.com/adminjiraserver/configuring-an-announcement-banner-938846985.html and add 

      <iframe id="cross-origin-iframe" style="height: 200px;" src="http://example.com"></iframe>

      Then go to pages listed below and trigger error.

      A few examples where this problem occurs:

      1. in Admin UI, click on a Manage Permissions - Edit link, or Grant Permissions button
      2. on Sprints page, click on Start Sprint button
      3. JSD ticket image attachment functionality and the ability to edit comments on JSD tickets.

      Expected Results

      The modal window appears for the action. The resources would load normally and there is no related javascript error.

      Actual Results

      No modal window appears. Javascript errors appear in the browser console.

      (The reason for that is that AUI searches for "trigger" - also in iframes JS doesn't have permissions to)

      Exception: Uncaught SecurityError: Blocked a frame with origin "https://jira.xyz.com" from accessing a cross-origin frame.
Resource: \[https://jira.xyz.com/s/fd44c725dede11cd9aef9ad71292ba77-CDN/\-3neea2/813000/acf4d847655d562ba7b8859ec9c6bf09/0de23a335536ffdf539e9fb39a318679/\_/download/contextbatch/js/\_super/batch.js?locale=en-US|https://jira.xyz.com/s/fd44c725dede11cd9aef9ad71292ba77-CDN/3neea2/813000/acf4d847655d562ba7b8859ec9c6bf09/0de23a335536ffdf539e9fb39a318679//download/contextbatch/js/\_super/batch.js?locale=en-US]
Line: 319
Column: 751
Environment
Mozilla/5.0 \(Windows NT 10.0; Win64; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/86.0.4240.111 Safari/537.36
Stack trace

      Application logs will also show related errors:

      2020-10-26 10:29:48,213+0000 http-nio-8080-exec-151 url:/browse/HAN-3352 username:012345 url:/secure/Project...ewWithSidebar.jspa username:012345 ERROR 012345 629x971650x1 tafjdr 51.175.141.225,10.210.229.52 /browse/HAN-3352 [c.q.q.plugins.services.PropertiesService] Cannot show iframe due to unknown error
java.lang.IllegalStateException: Only PUT or POST methods accept a request body.
	at com.google.common.base.Preconditions.checkState(Preconditions.java:507)
	at com.atlassian.sal.core.net.HttpClientRequest.addRequestParameters(HttpClientRequest.java:176)
	at com.atlassian.sal.core.net.HttpClientRequest.addRequestParameters(HttpClientRequest.java:47)
	at com.qas.qtest.plugins.services.PropertiesService.shouldDisplay(PropertiesService.java:70)
	at com.qas.qtest.plugins.webpanel.TestRunLinkCondition.shouldDisplay(TestRunLinkCondition.java:19)

      Workaround

      As mentioned in AUI-5256, AUI's trigger module may throw a DOMException when access to the iframe's document is denied. To work around it, upgrade to the latest AUI plugin in your Jira instance and verify if it solves your problem: AUI Plugin 9.1.1.

              Unassigned Unassigned
              emarghidan Eduard M
              Votes:
              0 Vote for this issue
              Watchers:
              22 Start watching this issue

                Created:
                Updated:
                Resolved: