  1. Jira Service Management Data Center
  2. JSDSERVER-11118

Video attachments stopped playing on issues in Chrome/Safari browsers from the Customer Portal

Details

    • Bug
    • Resolution: Unresolved
    • Low
    • None
    • 4.20.1
    • Customer Portal
    • None

    Description

      Issue Summary

      When trying to play any video attachment on issues using the JSM Customer Portal by clicking on them using Google Chrome or Safari, the video doesn't start playing and we can see some blocked scripts on the browser console.

      Steps to Reproduce

      1. We have installed a fresh JSM on version 4.20 (Affected Version).
      2. Created a new project.
      3. Created an issue (Get IT Help) in the project created in the previous step.
      4. Attached an .mp4 video to that issue and tried to play it in Chrome and Safari.

      Expected Results

      It was expected that the video would start to play on both web browsers.

      Actual Results

      The video doesn't start to play, and we can see on the browser console the following message:

      Blocked script execution in 'https://<base_url>/servicedesk/customershim/secure/attachment/10100/10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4?fromIssue=1011201' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
      VM56 injected.js:1 Blocked script execution in 'https://<base-url>/servicedesk/customershim/secure/attachment/10100/10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4?fromIssue=1011201' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
      (anonymous) @ VM56 injected.js:1
      v @ VM56 injected.js:1
      injectable @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      g @ VM56 injected.js:1
      m @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      await in (anonymous) (async)
      (anonymous) @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      n @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      n @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      (anonymous) @ VM56 injected.js:1
      Cross-Origin Read Blocking (CORB) blocked cross-origin response https://<base-url>/servicedesk/customer/user/login?absolute=true&destination=%2Fservicedesk%2Fcustomershim%2Fsecure%2Fattachment%2F10100%2F10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4%3FfromIssue%3D1011201 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
      10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4:1 Blocked script execution in 'https://<base-url>/servicedesk/customershim/secure/attachment/10100/10100_E4614E76-FBB1-42B6-9C72-10220B13E345.MP4?fromIssue=1011201' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. 

       

      This issue was fixed under the bug JRASERVER-72275; however, that fix doesn't apply to the JSM Customer Portal.

      Workaround

      To let Chrome and Safari properly play back attachments (such as videos or sounds) added to issues, an admin can disable the feature by adding a Site Wide Dark Feature called jira.security.csp.sandbox.disabled. This stops Jira from setting the Content-Security-Policy header to sandbox for attachments and other assets.
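
      To check which attachment responses carry the sandbox policy before and after the dark feature is toggled, the header can be interpreted as in the sketch below. This is an added example, not part of the original ticket and not Atlassian code; the function names are hypothetical, the header values are constructed samples, and it assumes the header is simply absent once the flag is set.

```javascript
// Added example (not Atlassian code): interpret Content-Security-Policy
// response headers the way the CSP "sandbox" directive is defined.
// Header values below are constructed samples, not captured from Jira.

// Split one or more CSP header values into individual policies.
// Several headers may be joined with "," by HTTP clients and proxies.
function parsePolicies(headerValues) {
  return headerValues
    .flatMap((v) => v.split(","))
    .map((policy) => {
      const directives = new Map();
      for (const part of policy.split(";")) {
        const [name, ...tokens] = part.trim().split(/\s+/);
        if (!name) continue;
        const key = name.toLowerCase();
        // CSP ignores a directive that is repeated within one policy.
        if (!directives.has(key)) directives.set(key, tokens.map((t) => t.toLowerCase()));
      }
      return directives;
    })
    .filter((d) => d.size > 0);
}

// Report whether the document is sandboxed and whether scripts may run.
// Every policy is enforced, so a flag must be allowed by all sandboxing policies.
function sandboxStatus(headerValues) {
  const sandboxes = parsePolicies(headerValues)
    .filter((d) => d.has("sandbox"))
    .map((d) => d.get("sandbox"));
  const sandboxed = sandboxes.length > 0;
  const allows = (flag) => sandboxes.every((tokens) => tokens.includes(flag));
  return {
    sandboxed,
    scriptsAllowed: !sandboxed || allows("allow-scripts"),
    sameOriginKept: !sandboxed || allows("allow-same-origin"),
  };
}

const samples = {
  flagOff: ["sandbox"], // default behaviour described in the ticket
  flagOn: [], // assumption: header absent once jira.security.csp.sandbox.disabled is set
  relaxed: ["default-src 'self'; Sandbox allow-scripts", "sandbox allow-scripts allow-same-origin"],
};
for (const [name, headers] of Object.entries(samples)) {
  console.log(name, JSON.stringify(sandboxStatus(headers)));
}
```

      With the flag set, attachments and other assets are no longer sandboxed, so the same check is useful for confirming the header returns once a fix allows the workaround to be removed.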

      Attachments

        1. Test.mp4
          2.97 MB

            People

              Assignee: Unassigned
              Reporter: Artur Moura (Inactive)
              Votes: 4
              Watchers: 6
