Skip to content

CORS Issue with atlassian.net #4419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rickpreston opened this issue May 13, 2019 · 13 comments · Fixed by brave/referrer-whitelist#14
Closed

CORS Issue with atlassian.net #4419

rickpreston opened this issue May 13, 2019 · 13 comments · Fixed by brave/referrer-whitelist#14
Labels
feature/shields/referrer priority/P4 Planned work. We expect to get to it "soon". QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes release-notes/include webcompat/not-shields-related Sites are breaking because of something other than Shields.
Milestone
1.1.x - Release

Comments

@rickpreston
Copy link

Looks similar to 2252 but that is Closed.

Description

Unable to login to JIRA at https://<mycompanyname>.atlassian.net because of CORS issue.

Steps to Reproduce

Attempt to login to JIRA.

Actual result:

Dev tools console shows this:
Access to fetch at 'https://mgas.prod.public.atl-paas.net/analytics/event' from origin 'https://<mycompanyname>.atlassian.net' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.

image

Expected result:

I can login to JIRA.

Reproduces how often:

Happens every time. Doesn't happen with other browsers.

Brave version (brave://version info)

Brave | 0.63.55 Chromium: 74.0.3729.131 (Official Build) (64-bit)
Revision | 518a41c1fa7ce1c8bb5e22346e82e42b4d76a96f-refs/branch-heads/3729@{#954}
OS | Windows 10 OS Build 17134.648

Version/Channel Information:

  • Can you reproduce this issue with the current release? Yes
  • Can you reproduce this issue with the beta channel? Unknown
  • Can you reproduce this issue with the dev channel? Unknown
  • Can you reproduce this issue with the nightly channel? Unknown

Other Additional Information:

  • Does the issue resolve itself when disabling Brave Shields? No
  • Does the issue resolve itself when disabling Brave Rewards? No
  • Is the issue reproducible on the latest version of Chrome? No

Miscellaneous Information:

none
@rebron rebron added webcompat/shields Shields is breaking a website. webcompat/not-shields-related Sites are breaking because of something other than Shields. priority/P4 Planned work. We expect to get to it "soon". and removed webcompat/shields Shields is breaking a website. labels May 13, 2019
@ryanbr
Copy link

ryanbr commented May 17, 2019

easylist/easylist@ee7cc7d

I did make a change recently which could've caused this. (easylist/easylist@47870cf28615)

@diracdeltas
Copy link
Member

could be same issue as #4396

@cmanley
Copy link

cmanley commented Sep 24, 2019

This is still an issue that I'm experiencing too.

@ryanbr
Copy link

ryanbr commented Sep 25, 2019

Got a sample site and directions to test with @cmanley ?

@cmanley
Copy link

cmanley commented Sep 25, 2019

Got a sample site and directions to test with @cmanley ?
Unfortunately not because one has to pay for Jira, so you can test it if one of your customers or employees use Jira and you use a Google account to log in.

@bsclifton
Copy link
Member

@ryanbr I can confirm I run into the issue when signing in w/ my Atlassian account. I think the account is free to create and login to... you just won't be able to use any products. But that's good enough to reproduce the problem

@ryanbr
Copy link

ryanbr commented Sep 26, 2019

Okay, can reproduce it

Getting a lot of XSS issues on the site;
Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block: expected semicolon at character position 13. The default protections will be applied.

x-xss-protection

@fmarier
Copy link
Member

fmarier commented Sep 27, 2019

This is related to Shields' referrer protections. It looks like they use id.atlassian.com but the JIRA instances are on atlassian.net.

ryanbr added a commit to ryanbr/referrer-whitelist that referenced this issue Sep 27, 2019
@ryanbr
Fix brave/brave-browser#4419
b95bd2c
@ryanbr ryanbr mentioned this issue Sep 27, 2019
Closed
fmarier added a commit to fmarier/referrer-whitelist that referenced this issue Sep 28, 2019
@fmarier
Fix Atlassian logins (fixes brave/brave-browser#4419)
4ca4e88
@fmarier fmarier mentioned this issue Sep 28, 2019
Merged
@bsclifton
Copy link
Member

@fmarier I believe a whitelist update is needed (to the DEPS file). I'll re-open the issue until we can sort that out

@bsclifton bsclifton reopened this Sep 30, 2019
@bsclifton
Copy link
Member

Wait - I think I'm wrong about that. Will re-close 😄 It may be part of the ad-block definitions now

@bsclifton bsclifton added this to the 0.72.x - Nightly milestone Sep 30, 2019
@btlechowski
Copy link

@bsclifton Is this issue QA/No or QA/Yes?

@bsclifton bsclifton changed the title CORS Issue CORS Issue with atlassian.net Oct 28, 2019
@bsclifton
Copy link
Member

bsclifton commented Oct 28, 2019
edited
Loading

@btlechowski would be good to test - if it works on Release channel too, then I think we can remove milestone and put Release Notes/exclude. If the whitelist update (which happened to 0.72.x) resolves this, then we can mark as Release Notes/include and keep milestone

@LaurenWags
Copy link
Member

LaurenWags commented Nov 19, 2019
edited by GeetaSarvadnya
Loading

Verified passed with

Brave 1.1.5 Chromium: 78.0.3904.97 (Official Build) beta (64-bit)
Revision 021b9028c246d820be17a10e5b393ee90f41375e-refs/branch-heads/3904@{#859}
OS macOS Version 10.13.6 (Build 17G5019)
  • Reproduced issue using version 0.63.55. Upgraded to 1.1.5 and verified I was able to login without issue.
    0.63.55:

Screen Shot 2019-11-19 at 12 50 52 PM

1.1.5:

Screen Shot 2019-11-19 at 12 56 03 PM

  • Confirmed able to login to Jira/Atlassian on clean profile with 1.1.5 as well.

Verification passed on

Brave 1.1.5 Chromium: 78.0.3904.97 (Official Build) beta (64-bit)
Revision 021b9028c246d820be17a10e5b393ee90f41375e-refs/branch-heads/3904@{#859}
OS Ubuntu 18.04 LTS

Verified using jira credentials and google account
image

Verification passed on

Brave 1.1.7 Chromium: 78.0.3904.108 (Official Build) beta (64-bit)
Revision 4b26898a39ee037623a72fcfb77279fce0e7d648-refs/branch-heads/3904@{#889}
OS Windows 10 OS Version 1803 (Build 17134.1006)
  • Verified using Jira credentials and google account
    image

@LaurenWags LaurenWags mentioned this issue Dec 9, 2019
Closed
@Songyu-Wang Songyu-Wang mentioned this issue Nov 10, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature/shields/referrer priority/P4 Planned work. We expect to get to it "soon". QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes release-notes/include webcompat/not-shields-related Sites are breaking because of something other than Shields.
Projects
None yet
Milestone
1.1.x - Release
Development

Successfully merging a pull request may close this issue.

Fix Atlassian logins fmarier/referrer-whitelist
10 participants
@fmarier @diracdeltas @cmanley @ryanbr @bsclifton @rebron @LaurenWags @btlechowski @GeetaSarvadnya @rickpreston