  1. Atlassian OAuth 2.0
  2. OAUTH20-2488

Incoming application link validation fails on Jira


    • Bug
    • Resolution: Fixed
    • Low
    • None
    • 1.0.2
    • OAuth 2.0 Client
    • None
    • Severity 2 - Major

      Issue Summary

      Incoming application link validation fails on Jira when the TLD is not part of the static list that the Apache Commons library's UrlValidator checks against.
      The cause is that Apache Commons DomainValidator does not recognise the TLD as a valid domain. This validation code was introduced as part of a security fix for XSS exploitation of the redirect_url.

      This is reproducible on Data Center: (yes)

      Steps to Reproduce

      1. Make an incoming application link connection to Jira from an application running on a locally configured domain, here .i

      Expected Results

      Connection should be successful with global domains and locally hosted domains.

      Actual Results

      The connection fails with an HTTP status 412 error for locally hosted domains, here .i

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available.
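The library behaviour behind this report, as an added example (not Atlassian's code and not the fix shipped for this issue): the stock Apache Commons `UrlValidator` rejects a host whose TLD is not in its built-in lists, and a per-instance TLD allow-list changes only that check. It assumes commons-validator 1.7 or later on the classpath; the class name, method names and sample URLs are constructed for illustration.

```java
import java.util.List;
import org.apache.commons.validator.routines.DomainValidator;
import org.apache.commons.validator.routines.DomainValidator.ArrayType;
import org.apache.commons.validator.routines.DomainValidator.Item;
import org.apache.commons.validator.routines.UrlValidator;

public class RedirectTldCheck {
    // Only https redirect targets are accepted in this sketch (assumption).
    private static final String[] SCHEMES = {"https"};

    // Stock validator: the host's TLD must appear in the library's built-in lists.
    static boolean strict(String url) {
        return new UrlValidator(SCHEMES).isValid(url);
    }

    // Same validator, plus an explicit allow-list of extra TLDs for this instance only.
    static boolean withExtraTlds(String url, String... extraTlds) {
        DomainValidator domains = DomainValidator.getInstance(
                false, List.of(new Item(ArrayType.GENERIC_PLUS, extraTlds)));
        return new UrlValidator(SCHEMES, null, 0L, domains).isValid(url);
    }

    public static void main(String[] args) {
        // Constructed sample redirect targets, not taken from the ticket.
        String[] samples = {
            "https://app.example.com/oauth/callback",  // public TLD
            "https://app.corp.lan/oauth/callback",     // private TLD
            "javascript:void(0)"                       // non-https scheme
        };
        for (String url : samples) {
            System.out.printf("%-42s strict=%-5b allowlisted=%b%n",
                    url, strict(url), withExtraTlds(url, "lan"));
        }
    }
}
```

The allow-list widens only the TLD lookup; scheme and syntax validation still apply to every URL.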

              Addison Chung
              Yash Singh
              Votes: 41
              Watchers: 15
