Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,298,556
Community Members
 
Community Events
165
Community Groups

Using Issue Collector of a HTTPS server in an HTTP Server throws an error in Edge

Edited

Hi,

 

We are using Jira 7.13.8 Server, Microsoft Edge Version 100.0.1185.57 and Firefox 100.0.

We have two servers:

  • one uses HTTP,
  • the other HTTPS.

 

If I create an Issue Collector on both servers and integrate them in an HTTP server, I don't have the same behavior on EDGE.

  • With HTTP one, everything works fine
  • With HTTPS one,, I've got the error "We noticed that you have third-party cookies disabled in your browser, we need this enabled to correctly submit your information."

No problem with Firefox.

 

After checking Edge parameters, I have seen than third-party cookies are enabled. So I can't understand the error message.

 

Any help or idea of what I can check in Edge wille be appreciated.

1 answer

0 votes
Andy Rusnak Atlassian Team May 17, 2022
Hi Bertrand,

I am sorry to hear about the issue you are running into on Microsoft Edge using the Issue Collector. I wonder if you might be running into JRASERVER-70494. Although it is interesting that you are only seeing in Edge and not other browsers which in theory should have the same setting. But it is possible to have it set differently between browsers.  It may also be a combination of other settings in the Edge browser causing issues, but I think this at least a place to start.  

Would you be able to capture the developer tools console from the Edge browser when recreating the issue? I am curious to see if you see the warning noted in that Bug (starts with: "A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute.").

You can also check in Edge to see if the SameSite setting is enabled via:

1. Type in browser bar
edge://flags
2. In the search bar of that window type "cookie"
3. Find the "SameSite by default cookies" and confirm if it is enabled or disabled

Best,
Andy

Thanks for your answer.

 

Nothing about cookies in console. And edge://flags is forbidden by our IT.

Additionnal informations :

call to HTTP issue collector from HTTP server works

call to HTTPS issue collector from HTTPS server works

call to HTTP issue collector from HTTPS server doesn't works (can't call HTTP from HTTPS normal behavior)

call to HTTPS issue collector from HTTP server works gives me a cookie error even with third-party cookies enabled

 

Quiet sure this is a configuration of EDGE, but can't find which one...

Andy Rusnak Atlassian Team May 18, 2022

Thanks Bertrand!  So that rules out the Jira Bug that I posted then.  So I agree that it is some type of an Edge setting.  One thing that I am a little confused on, when you note the server and the issue collector, the server is referring to what?  Is that the server that hosting the application that contains the issue collector?  

So in the case of a web site for example, you have a site that requires HTTPs (that is the HTTPs server you are referring to) and then you have a site that does not (and that is the HTTP server you are referring to). 

Then the Issue Collector is the Issue Collector snippet that points to a Jira server, and there too you have one that requires HTTP and one that does not.  I just want to make sure I am understanding that correctly.  

Best, 

Andy

Andy Rusnak Atlassian Team May 18, 2022

Also, another thing we can look at, since Chrome is working, we might be able to inspect the cookies themselves that are stored on the browser.  If you load the developer tools up when you launch the Issue Collector, within the Application tab of the developer tools you can expand cookies and see what cookies are stored for both Chrome (where it works) and Edge (where it doesn't).  Seeing the difference in cookies might also help us to understand what could be triggering that warning.  

Best, 

Andy

You're right. We have two web servers (HTTP and HTTPS) and two jira instances (one HTTP, one HTTPS).

When using the HTTP web server to access HTTPS Issue Collector, I have differences for cookies :

  • In EDGE, where I have the message, I've no cookie at all
  • In Firefox (where it works), I've a atlassian.xsrf.token cookie for the Jira server
Andy Rusnak Atlassian Team May 19, 2022

Thanks Bertrand.  That makes sense now why you are seeing that then.  The xsrf token being missing would trigger that message from Jira. The fact the cookie gets set in Firefox would indicate that the server is attempting to push it down, its just a matter of determining why Edge isn't storing it.  

I am not necessarily an expert in Edge, I know it leverages the Chromium foundation, which is also what Chrome uses.  So it is interesting that Chrome is working, but Edge isn't.  Firefox uses a completely different foundation so that isn't necessarily surprising it would behave differently.  But the bottom line is determining why that cookie isn't getting stored.  

When you noted that third-party cookies are enabled, was that a global or site level within Edge?  I believe there is a way to enable third-party cookies globally and also at the site level, and I think the site level would override the global setting.  So I am curious if maybe there is a site specific setting that is preventing that cookie from getting stored.  

Are there any other cookies you see getting stored in Edge for that interaction?

Best,

Andy

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
7.13.8
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you