Uploaded image for project: 'JIRA Service Desk Server'
  1. JIRA Service Desk Server
  2. JSDSERVER-1640

SD redirects calls to any plugin's REST endpoints to /servicedesk/customer/portal/1

    XMLWordPrintable

    Details

      Description

      NOTE: This bug report is for JIRA Service Desk Server. Using JIRA Service Desk Cloud? See the corresponding bug report.

      We have a plugin that injects some javascript into SD customer portal. This plugin embellishes some custom fields with HTML generated based on REST calls to the plugin's REST endpoints.

      Our customer reported that their 'customer' users do not the proper embellishments, instead they get some Javascript error. It turned out that when a user who is not in jira-users (an SD 'customer') is accessing the page with our plugin on it, the plugin makes a REST call that gets 302-redirected to /servicedesk/customer/portal/1. Which means that everything gets broken. Adding @AnonymousAllowed annotation to the plugin's endpoint does not help, as it only works when the user is actually not logged-in. When they log in, apparently SD servlet filter (or whatever) redirects blindly to a bad place.

      This is breaking our plugin in very bad ways and we are likely losing sales because of this.

      Are there any workarounds for this behaviour? I have tried injecting a serlet filter, but it is not being invoked.

      The plugin in question is https://marketplace.atlassian.com/plugins/com.spartez.jira.plugins.ephor-for-jira, but the behaviour can be trivially reproduced with any plugin that has a REST endpoint. Just log in as an SD 'customer' and go to plugin's REST endpoint

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                gjoseph Gregory Joseph
                Reporter:
                janusz.gorycki Janusz Gorycki
              • Votes:
                3 Vote for this issue
                Watchers:
                13 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: