public.access.disabled dark feature should not prevent unauthenticated access to the Administrator Contact form


      Issue Summary

      The public.access.disabled dark feature (detailed here) was added in Jira 7.2.10 to require authentication for unauthenticated users visiting URIs matching the following patterns:

      • [BASE-URL]/secure/Dashboard.jspa
      • [BASE-URL]/browse/{issue-key}
      • [BASE-URL]/browse/?jql=
      • [BASE-URL]/projects/{project-key}
      • [BASE-URL]/issues/

      As of Jira 10, it also prevents unauthenticated access to [BASE-URL]/secure/ContactAdministrators!default.jspa, a change from Jira 9.

      Steps to Reproduce

      1. Navigate to [BASE-URL]/secure/admin/SiteDarkFeatures!default.jspa
      2. Enable the public.access.disabled dark feature
      3. Log out
      4. Select "Contact your admin" or "Report a problem" link on the login page to navigate to [BASE-URL]/secure/ContactAdministrators!default.jspa

      Expected Results

      The Contact Administrators form is displayed.

      Actual Results

      The browser is redirected to login.jspa with the message "You must log in to access this page."

      Workaround

      There is no available workaround at this time. Note that Jira 10.x prevents unauthenticated access to all of the URI patterns mentioned above by default, without this site dark feature enabled.

      Suggested Solution

      This site dark feature should not prevent unauthenticated access to the Contact Administrators form. Alternately, the specific URI patterns affected should be clearly documented for each Jira version.

            Assignee: Unassigned
            Reporter: Nathan Parks
            Votes: 0
            Watchers: 1
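
An added example, not part of the original issue or of Jira: a small audit that requests each URI pattern listed above without a session and reports every path whose anonymous behaviour differs from the policy the issue asks for (Contact Administrators form open, everything else behind login). The placeholder keys `TEST-1` and `TEST`, the host `jira.example.test`, and the assumption that the login redirect is a 3xx response whose target is `login.jsp` or `login.jspa` are illustrative.

```python
import http.client
from urllib.parse import urlsplit

# Paths from the issue. TEST-1 and TEST are placeholder issue/project keys.
CONTACT = "/secure/ContactAdministrators!default.jspa"
PATHS = ["/secure/Dashboard.jspa", "/browse/TEST-1", "/browse/?jql=",
         "/projects/TEST", "/issues/", CONTACT]
# Policy the issue asks for: contact form open, everything else behind login.
EXPECTED = {p: "login-required" for p in PATHS}
EXPECTED[CONTACT] = "anonymous-ok"

def classify(status, location):
    """Map one anonymous, non-followed response to an access outcome."""
    target = urlsplit(location or "").path.rsplit("/", 1)[-1]
    # Assumption: the login redirect is a 3xx whose target file is login.jsp[a].
    if 300 <= status < 400 and target.startswith("login.jsp"):
        return "login-required"
    if status == 200:
        return "anonymous-ok"
    return "denied" if status in (401, 403) else f"other-{status}"

def probe(base_url, path, timeout=10):
    """Send one cookie-less GET (redirects not followed); return (status, Location)."""
    u = urlsplit(base_url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=timeout)
    try:
        conn.request("GET", u.path.rstrip("/") + path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit(base_url, fetch=probe):
    """Return {path: (observed, expected)} for every path that deviates from EXPECTED."""
    observed = {p: classify(*fetch(base_url, p)) for p in PATHS}
    return {p: (o, EXPECTED[p]) for p, o in observed.items() if o != EXPECTED[p]}

def fake_jira10(base_url, path):
    """Constructed stand-in for the reported behaviour: every path redirects to login."""
    return 302, f"{base_url}/login.jspa"

if __name__ == "__main__":
    # Offline demo on constructed responses; use audit(url) to probe a real instance.
    for path, (seen, want) in audit("https://jira.example.test", fetch=fake_jira10).items():
        print(f"{path}: observed {seen}, expected {want}")
```

Running the audit before and after an upgrade, with and without the dark feature enabled, gives a per-version record of which patterns are gated.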