Incoming application link validation fails on Jira

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • None
    • Affects Version/s: 1.0.2
    • Component/s: OAuth 2.0 Client
    • None
    • Severity 2 - Major

      Issue Summary

      Incoming application link validation fails on Jira when TLD's are not part of apache commons library's function's static list as per UrlValidator
      Issue is due to Apache Commons DomainValidator not recognising the TLD to be the valid domain which is due to validation code introduced as part of a security fix for XSS exploitation of the redirect_url.

      This is reproducible on Data Center: (yes)

      Steps to Reproduce

      1. Make an incoming application link connection to Jira from an application running on locally configured domain, here .i

      Expected Results

      Connection should be successful with global domains and locally hosted domains.

      Actual Results

      The connection fails with Https status 412 error for locally hosted domains, here .i

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

        1. image-2024-04-04-14-51-21-038.png
          image-2024-04-04-14-51-21-038.png
          232 kB

            Assignee:
            Addison Chung
            Reporter:
            Yash Singh
            Votes:
            41 Vote for this issue
            Watchers:
            15 Start watching this issue

              Created:
              Updated:
              Resolved: