JIRA issue collector and SameSite cookie attribute

Jesse Barocio January 13, 2020

Our application includes an issue collector to collect bugs and feedback from our end users. This doesn't work in the latest version of Chrome to be released in February 2020. Is there a timeline on when this will be fixed?

Chrome 80 includes breaking changes to the way it handles cookies. Cross-site cookies need to have a `SameSite=none` attribute set on them. Here's the message in the Chrome console:

A cookie associated with a cross-site resource at https://atlassian.net/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Message displayed in place of the issue collector:

We noticed that you have third-party cookies disabled in your browser. We need this enabled to correctly submit your feedback. Once you've enabled cookies, please refresh the page.
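The rule quoted in the console message above can be checked against a server's `Set-Cookie` headers before the browser change reaches users. The following is an added example, not part of the original post or of Jira's code: it models whether a cookie would be attached to a request from an embedded third-party frame, such as the issue collector. The option names `sameSiteByDefault` and `noneRequiresSecure` are hypothetical, the sample headers are constructed, and treating an unrecognised `SameSite` value like a missing attribute is an assumption.

```javascript
// Parse the attributes of one Set-Cookie header that matter for SameSite handling.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim().toLowerCase());
    if (key === "secure") cookie.secure = true;
    if (key === "samesite") cookie.sameSite = value;
  }
  return cookie;
}

// Decide whether the cookie is sent from a third-party (embedded) context.
// Both options default to the behaviour the console message describes.
function crossSiteVerdict(header, opts = {}) {
  const { sameSiteByDefault = true, noneRequiresSecure = true } = opts;
  const c = parseSetCookie(header);
  const known = ["strict", "lax", "none"].includes(c.sameSite);
  if (!known) {
    // Assumption: an unrecognised value is handled like a missing attribute.
    return sameSiteByDefault
      ? { name: c.name, sent: false, reason: "no SameSite attribute, treated as Lax" }
      : { name: c.name, sent: true, reason: "legacy behaviour, no default applied" };
  }
  if (c.sameSite !== "none") {
    return { name: c.name, sent: false, reason: `SameSite=${c.sameSite} is same-site only` };
  }
  if (noneRequiresSecure && !c.secure) {
    return { name: c.name, sent: false, reason: "SameSite=None without Secure is rejected" };
  }
  return { name: c.name, sent: true, reason: "SameSite=None with Secure" };
}

// Return the verdicts for cookies that would be withheld, for use in a header audit.
function auditHeaders(headers, opts) {
  return headers.map((h) => crossSiteVerdict(h, opts)).filter((v) => !v.sent);
}

// Constructed sample headers, not captured from any real site.
const SAMPLE_HEADERS = [
  "session_a=abc123; Path=/; HttpOnly",
  "session_b=abc123; Path=/; SameSite=None",
  "session_c=abc123; Path=/; Secure; HttpOnly; SameSite=None",
  "session_d=abc123; Path=/; Secure; SameSite=Lax",
];

for (const v of auditHeaders(SAMPLE_HEADERS)) {
  console.log(`${v.name}: withheld (${v.reason})`);
}
```

Passing `{ sameSiteByDefault: false, noneRequiresSecure: false }` reproduces the older behaviour, which is why the same headers can work in one browser build and fail in another.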

3 answers

2 votes
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 16, 2020

Hi Jesse,

Thank you for the extra details.  With that info I was able to replicate this in my Chrome.  As such I have created a new bug ticket for this in JRACLOUD-73683, for Jira Cloud and JRASERVER-70494 for Jira Server.

I would recommend watching these tickets to be aware of any updates to this.  Thanks for reporting this.

Andy

Jörg Lang January 16, 2020

Hope that the issue will be fixed before the rollout of Chrome starts.

0 votes
Michael May 21, 2020

@Andy Heinzer

The tickets to which you linked are closed, but my site still throws the error. Do I need to re-create an issue collector or do I need to configure something with DNS?

Andy Heinzer
Atlassian Team
May 21, 2020

@Michael 

I would try to recreate the issue collector in Jira first.  I know there have been changes made to the way these work for both server and cloud, but some of these changes might not appear until after you create the collector.

If that doesn't help, please let me know which platform you are using (server vs cloud).  If using server, please let me know which version of Jira you are using.

Andy

Michael May 21, 2020

That might explain things. I updated an issue collector in hopes that it would get it working. I'll have to try re-creating.

Should I assume that by create you mean I should not try the "copy" function, right?

Keith Mycek May 22, 2020

We are using Jira Cloud. I still receive a warning (as of today, May 22, 2020) in the developer console:

"A cookie associated with a cross-site resource at http://atlassian.net/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032."

But the issue collector still works properly... Will it break in the future? My current chrome version is 'Version 81.0.4044.138 (Official Build) (64-bit)'.

Thanks,

Keith

Michael May 22, 2020

@Keith Mycek did you create a new collector? For me, I had to create a new one. The old ones may eventually break or fall back on different functionality.

I changed my Chrome flags to be very strict and the old form still worked, but threw its own errors along the way. I have a feeling the "new version" uses whatever the old ones fell back on. But I'm not sure.

0 votes
Andy Heinzer
Atlassian Team
January 16, 2020

Hi Jesse,

I see that you are running into some problems using an issue collector for Jira against a new beta version of Google Chrome that might have some breaking changes.   I have tried to recreate this problem, but so far I have been unsuccessful.  I'll share my steps so far, and I'd hope to learn more about yours so that we can better understand and then address this problem.

  1. I installed the latest Google Chrome Canary - Version 81.0.4029.0 (Official Build) canary (64-bit)
  2. Then in my Jira Cloud site, I created a new issue collector, my settings used a default reporter here in case that matters
  3. I took that javascript of the issue collector and pasted it into just an htm file I opened, as well as a Jira Server announcement banner.
  4. Both the htm file, and the Jira Server site approaches worked correctly for me and were able to create issues in my Jira Cloud project in question. Also I don't see any warning/error message in the browser console when this happens.  So I must be doing something differently here.

So I'm not sure how my test is different from your explained behavior.  When you say you have an application, is this a website your users visit?  Or is this some kind of Electron like application that runs chromium to provide the end user an application to run where this happens?

Please let me know.

Cheers,

Andy

Jesse Barocio January 16, 2020

Andy,

It is embedded in a web application. Here's a simple site that I've duplicated it on: https://bmisw.github.io/jira-samesite-demo/

Installing the Canary build is not enough to test this. According to this Chromium release notes page, the Canary build only has a 50% chance of having the behavior enabled by default. You have to enable the flags (in either a stable or canary build of Chrome) to see the behavior that will become the default in Chrome 80.

  • Navigate to chrome://flags
  • Enter "SameSite" in the search bar
  • Change "SameSite by default cookies" and "Cookies without SameSite must be secure" from Default to Enabled.
  • Relaunch and retest.
Ahmed Arslan April 2, 2021

@Jesse Barocio it should be set to Disabled rather than Enabled. More context in JRASERVER-70494 
