Site completely broken with CORS rejected issues in firefox?

Andrew Mainland June 19, 2020

I'm completely unable to use firefox I get dozens of errors like

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://jira-frontend-static.prod.public.atl-paas.net/assets-brotli/vendor~31ecd969.8c519aa0eb248d60cafd.8.js. (Reason: CORS request did not succeed).

 

I'm just browsing to the site. Firefox url ->> <site>.atlassian.net ->> Does not load ->> console errors

 

 

1 answer

3 votes
Andrew Mainland June 19, 2020

This firefox add-on fixes it: https://addons.mozilla.org/en-US/firefox/addon/cross-domain-cors/

 

This is a CORs issue. I believe that Firefox has implemented CORs correctly and atlassian is broke. 

 

Top notch support btw

Andrew Mainland June 22, 2020

BTW, the fact add-on fixes it is a BAD thing.

Andrew Mainland June 22, 2020

(Atlassian's top notch support just emailed me that there was a fix to my problem)

Andrew Mainland June 22, 2020

lol I just got a badge for first accepted answer.

John Funk
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 23, 2020

Hey Andrew - have you entered a support ticket with Atlassian? 

Peter PJ Wickwire July 1, 2020

@Andrew MainlandWhat was the fix? I still see the issue with the latest version of firefox.

Andrew Mainland July 1, 2020

The "fix" that I put above was only to confirm that this is a problem that atlassian needs to address.

That "fix" works by overriding Firefox's security mechanism (turning off CORS completely) What I think should happen is that the devs at atlassian head over to mozilla's documentation read it and then adjust the headers accordingly.  

Had this been my company I do not imagine the end user would notice this bug for longer than 1 hour max.

Like Henry Ford likes this
Mikalai Karol September 14, 2020

I had exactly the same problem - thanks for the solution

ngiesen October 23, 2020

Same here, but with another CDN:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://a.trellocdn.com/prgb/dist/br/snowplow.0949d401c08948310f2f.js. (Reason: CORS request did not succeed).

And more of those on the same domain.

The board in question does *not* have the access-control-allow-origin header set.

This really needs fixing (and it shocks me that other browsers, such as chrome, do let you through, in absence of access-control-allow-origin header).

Andrew Mainland October 23, 2020

It's obvious that Atlassian either doesn't care, doesn't "get it".

& If they fixed this tomorrow, I'd have to recommend switching to another product.

Eventually there is going to be another security bug and we'd have to expect the same response.

Alberto Maturano November 23, 2020

It's there a ticket to follow? This is really annoying

Henry Ford May 14, 2021

I'm very interested in this issue as this problem started for me today, despite it being reported more than year ago.

My problem is that our domain at https://(mycompany).atlassian.net isn't allowed to load resources from https://jira-frontend-static.prod.public.atl-paas.net/assets-brotli/async-all-dev-panel.6ba0ceb7e0562f66cff1.8.js

Further issues I face are that:

  • I cannot raise a ticket for this problem on Atlassian as we have an admin in our company whom I don't know how to reach.
  • This problem started only recently
  • I can't work until I have a work-around/fix

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events