It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

JIRA issue collector and SameSite cookie attribute

Our application includes an issue collector to collect bugs and feedback from our end users. This doesn't work in the latest version of Chrome to be released in February 2020. Is there a timeline on when this will be fixed?

Chrome 80 includes breaking changes to the way it handles cookies. Cross-site cookies need to have a `SameSite=none` attribute set on them. Here's the message in the Chrome console:

A cookie associated with a cross-site resource at https://atlassian.net/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Message displayed in place of the issue collector:

We noticed that you have third-party cookies disabled in your browser. We need this enabled to correctly submit your feedback. Once youve enabled cookies, please refresh the page.

3 answers

2 votes
Andy_Heinzer Atlassian Team Jan 16, 2020

Hi Jesse,

Thank you for the extra details.  With that info I was able to replicate this in my Chrome.  As such I have created a new bug ticket for this in JRACLOUD-73683, for Jira Cloud and JRASERVER-70494 for Jira Server.

I would recommend watching these tickets to be aware of any updates to this.  Thanks for reporting this.

Andy

Hope that the Issue will be fixes until rollout of chrome starts 

0 votes
Andy_Heinzer Atlassian Team Jan 16, 2020

Hi Jesse,

I see that you are running into some problems using an issue collector for Jira against a new beta version of Google Chrome that might have some breaking changes.   I have tried to recreate this problem, but so far I have been unsuccessful.  I'll share my steps so far, and I'd hope to learn more about yours so that we can better understand and then address this problem.

  1. I installed the latest Google Chrome Canary - Version 81.0.4029.0 (Official Build) canary (64-bit)
  2. Then in my Jira Cloud site, I created a new issue collector, my settings used a default reporter here in case that matters
  3. I took that javascript of the issue collector and pasted it into just an htm file I opened, as well as a Jira Server announcement banner.
  4. Both the htm file, and the Jira Server site approaches worked correctly for me and were able to create issues in my Jira Cloud project in question. Also I don't see any warning/error message in the browser console when this happens.  So I must be doing something differently here.

So I'm not sure how my test is different from your explained behavior.  When you say you have an application, is this a website your users visit?  Or is this some kind of Electron like application that runs chromium to provide the end user an application to run where this happens?

Please let me know.

Cheers,

Andy

Andy,

It is embedded in a web application. Here's a simple site that I've duplicated it on: https://bmisw.github.io/jira-samesite-demo/

Installing the Canary build is not enough to test this. According to this Chromium release notes page, the Canary build only has a 50% chance of having the behavior enabled by default. You have to enable the flags (in either a stable or canary build of Chrome) to see the behavior that will become the default in Chrome 80.

  • Navigate to chrome://flags
  • Enter "SameSite" in the search bar
  • Change "SameSite by default cookies" and "Cookies without SameSite must be secure" from Default to Enabled.
  • Relaunch and retest.
Like Aaron_Kotranza likes this

@Andy_Heinzer 

 

The tickets to which you linked are closed, but my site still throws the error. Do I need to re-create an issue collector or do I need to configure something with DNS?

Andy_Heinzer Atlassian Team May 21, 2020

@Michael 

I would try to recreate the issue collector in Jira first.  I know there have been changes made to way these work for both server and cloud, but some of these changes might not appear until after you create the collector.

If that doesn't help, please let me know which platform you are using (server vs cloud).  If using server, please let me know which version of Jira you are using.

Andy

That might explain things. I updated an issue collector in hopes that it would get it working. I'll have to try re-creating.

Should I assume that by create you mean I should not try "copy" function, right?

 

We are using Jira Cloud. I still receive a warning (as of today, May 22, 2020) in the developer console:

 

"A cookie associated with a cross-site resource at http://atlassian.net/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032."

 

But the issue collector still works properly... Will it break in the future? My current chrome version is 'Version 81.0.4044.138 (Official Build) (64-bit)'. 

 

Thanks,

 

Keith

@Keith_Mycek did you create a new collector? For me, I had to create a new one. The old ones may eventually break or fall back on different functionality.

I changed my Chrome flags to be very strict and the old form still worked, but threw its own errors along the way. I have a feeling the "new version" uses whatever the old ones fell back on. But I'm not sure.

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you