Details
-
Bug
-
Resolution: Fixed
-
Low
-
8.12.2, 8.13.0
-
8.12
-
1
-
Severity 2 - Major
-
Description
Issue Summary
System functionalities like editing permissions, starting scripts, are failing to pop up the modal window in the browser. There are DOMExceptions with blocked iframe, however the domain is the same on the base URL and the resources failing to load.
Steps to Reproduce
You have to have an iframe present on the page. eg. go to https://confluence.atlassian.com/adminjiraserver/configuring-an-announcement-banner-938846985.html and add
<iframe id="cross-origin-iframe" style="height: 200px;" src="http://example.com"></iframe>
Then go to pages listed below and trigger error.
A few examples where this problem occurs:
- in Admin UI, click on a Manage Permissions - Edit link, or Grant Permissions button
- on Sprints page, click on Start Sprint button
- JSD ticket image attachment functionality and the ability to edit comments on JSD tickets.
Expected Results
The modal window appears for the action. The resources would load normally and there is no related javascript error.
Actual Results
No modal window appears. Javascript errors appear in the browser console.
(The reason for that is that AUI searches for "trigger" - also in iframes JS doesn't have permissions to)
Exception: Uncaught SecurityError: Blocked a frame with origin "https://jira.xyz.com" from accessing a cross-origin frame. Resource: \[https://jira.xyz.com/s/fd44c725dede11cd9aef9ad71292ba77-CDN/\-3neea2/813000/acf4d847655d562ba7b8859ec9c6bf09/0de23a335536ffdf539e9fb39a318679/\_/download/contextbatch/js/\_super/batch.js?locale=en-US|https://jira.xyz.com/s/fd44c725dede11cd9aef9ad71292ba77-CDN/3neea2/813000/acf4d847655d562ba7b8859ec9c6bf09/0de23a335536ffdf539e9fb39a318679//download/contextbatch/js/\_super/batch.js?locale=en-US] Line: 319 Column: 751 Environment Mozilla/5.0 \(Windows NT 10.0; Win64; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/86.0.4240.111 Safari/537.36 Stack trace
Application logs will also show related errors:
2020-10-26 10:29:48,213+0000 http-nio-8080-exec-151 url:/browse/HAN-3352 username:012345 url:/secure/Project...ewWithSidebar.jspa username:012345 ERROR 012345 629x971650x1 tafjdr 51.175.141.225,10.210.229.52 /browse/HAN-3352 [c.q.q.plugins.services.PropertiesService] Cannot show iframe due to unknown error java.lang.IllegalStateException: Only PUT or POST methods accept a request body. at com.google.common.base.Preconditions.checkState(Preconditions.java:507) at com.atlassian.sal.core.net.HttpClientRequest.addRequestParameters(HttpClientRequest.java:176) at com.atlassian.sal.core.net.HttpClientRequest.addRequestParameters(HttpClientRequest.java:47) at com.qas.qtest.plugins.services.PropertiesService.shouldDisplay(PropertiesService.java:70) at com.qas.qtest.plugins.webpanel.TestRunLinkCondition.shouldDisplay(TestRunLinkCondition.java:19)
Workaround
As mentioned in AUI-5256, AUI's trigger module may throw a DOMException when access to the iframe's document is denied. To work around it, upgrade to the latest AUI plugin in your Jira instance and verify if it solves your problem: AUI Plugin 9.1.1.