We couldn't load all Actvitity tabs. Refresh the page to try again.
If the problem persists, contact your Jira admin.
IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.
Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-11118

Video attachments stopped playing on issues in Chrome/Safari browsers from the Customer Portal

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Low Low
    • None
    • 4.20.1, 5.12.10
    • Customer Portal

      Issue Summary

      When trying to play any video attachment on issues using the JSM Customer Portal by clicking on them using Google Chrome or Safari, the video doesn't start playing and we can see some blocked scripts on the browser console.

      Steps to Reproduce

      1. We have installed a fresh JSM on version 4.20 (Affected Version) 
      2. Created a new project.
      3. Created an Issue (Get IT Help) at the project created on step before.
      4. Attached a .mp4 video to that issue and tried to play it on Chrome and Safari.

      Expected Results

      It was expected that the video would start to play on both web browsers.

      Actual Results

      The video doesn't start to play, and we can see on the browser console the following message:

      Blocked script execution in 'https://<base_url>/servicedesk/customershim/secure/attachment/10100/10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4?fromIssue=1011201' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
      VM56 injected.js:1 Blocked script execution in 'https://<base-url>/servicedesk/customershim/secure/attachment/10100/10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4?fromIssue=1011201' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
      (anonymous) @ VM56 injected.js:1
      v @ VM56 injected.js:1
      injectable @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      g @ VM56 injected.js:1
      m @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      await in (anonymous) (async)
      (anonymous) @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      n @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      n @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      Cross-Origin Read Blocking (CORB) blocked cross-origin response https://<base-url>/servicedesk/customer/user/login?absolute=true&destination=%2Fservicedesk%2Fcustomershim%2Fsecure%2Fattachment%2F10100%2F10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4%3FfromIssue%3D1011201 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
      10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4:1 Blocked script execution in 'https://<base-url>/servicedesk/customershim/secure/attachment/10100/10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4?fromIssue=1011201' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. 

       

      This issue was fixed by this JRASERVER-72275 bug, however, it doesn't apply to the JSM customer portal

      Workaround

      In order to enable Chrome and Safari to properly playback attachments (like videos or sounds) added to issues admin can disable a feature flag by adding a Site Wide Dark Feature called jira.security.csp.sandbox.disabled. This will disable setting header Content-Security-Policy to sandbox for attachments and other assets.

        1. Test.mp4
          2.97 MB

            Loading...
            IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.
            Uploaded image for project: 'Jira Service Management Data Center'
            1. Jira Service Management Data Center
            2. JSDSERVER-11118

            Video attachments stopped playing on issues in Chrome/Safari browsers from the Customer Portal

              • Icon: Bug Bug
              • Resolution: Unresolved
              • Icon: Low Low
              • None
              • 4.20.1, 5.12.10
              • Customer Portal

                Issue Summary

                When trying to play any video attachment on issues using the JSM Customer Portal by clicking on them using Google Chrome or Safari, the video doesn't start playing and we can see some blocked scripts on the browser console.

                Steps to Reproduce

                1. We have installed a fresh JSM on version 4.20 (Affected Version) 
                2. Created a new project.
                3. Created an Issue (Get IT Help) at the project created on step before.
                4. Attached a .mp4 video to that issue and tried to play it on Chrome and Safari.

                Expected Results

                It was expected that the video would start to play on both web browsers.

                Actual Results

                The video doesn't start to play, and we can see on the browser console the following message:

                Blocked script execution in 'https://<base_url>/servicedesk/customershim/secure/attachment/10100/10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4?fromIssue=1011201' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
                VM56 injected.js:1 Blocked script execution in 'https://<base-url>/servicedesk/customershim/secure/attachment/10100/10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4?fromIssue=1011201' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
                (anonymous) @ VM56 injected.js:1
                v @ VM56 injected.js:1
                injectable @ VM56 injected.js:1
                (anonymous) @ VM56 injected.js:1
                g @ VM56 injected.js:1
                m @ VM56 injected.js:1
                (anonymous) @ VM56 injected.js:1
                await in (anonymous) (async)
                (anonymous) @ VM56 injected.js:1
                (anonymous) @ VM56 injected.js:1
                n @ VM56 injected.js:1
                (anonymous) @ VM56 injected.js:1
                (anonymous) @ VM56 injected.js:1
                n @ VM56 injected.js:1
                (anonymous) @ VM56 injected.js:1
                (anonymous) @ VM56 injected.js:1
                Cross-Origin Read Blocking (CORB) blocked cross-origin response https://<base-url>/servicedesk/customer/user/login?absolute=true&destination=%2Fservicedesk%2Fcustomershim%2Fsecure%2Fattachment%2F10100%2F10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4%3FfromIssue%3D1011201 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
                10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4:1 Blocked script execution in 'https://<base-url>/servicedesk/customershim/secure/attachment/10100/10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4?fromIssue=1011201' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. 

                 

                This issue was fixed by this JRASERVER-72275 bug, however, it doesn't apply to the JSM customer portal

                Workaround

                In order to enable Chrome and Safari to properly playback attachments (like videos or sounds) added to issues admin can disable a feature flag by adding a Site Wide Dark Feature called jira.security.csp.sandbox.disabled. This will disable setting header Content-Security-Policy to sandbox for attachments and other assets.

                  1. Test.mp4
                    2.97 MB

                        Unassigned Unassigned
                        8c7f0d7281aa Artur Moura (Inactive)
                        Affected customers:
                        6 This affects my team
                        Watchers:
                        8 Start watching this issue

                          Created:
                          Updated:

                            Unassigned Unassigned
                            8c7f0d7281aa Artur Moura (Inactive)
                            Affected customers:
                            6 Vote for this issue
                            Watchers:
                            8 Start watching this issue

                              Created:
                              Updated: