CORS Issue with atlassian.net

[rickpreston]

Looks similar to 2252 but that is Closed.

Description

Unable to login to JIRA at https://<mycompanyname>.atlassian.net because of CORS issue.

Steps to Reproduce

Attempt to login to JIRA.

Actual result:

Dev tools console shows this:
Access to fetch at 'https://mgas.prod.public.atl-paas.net/analytics/event' from origin 'https://<mycompanyname>.atlassian.net' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.

Expected result:

I can login to JIRA.

Reproduces how often:

Happens every time. Doesn't happen with other browsers.

Brave version (brave://version info)

Brave | 0.63.55 Chromium: 74.0.3729.131 (Official Build) (64-bit)
Revision | 518a41c1fa7ce1c8bb5e22346e82e42b4d76a96f-refs/branch-heads/3729@{#954}
OS | Windows 10 OS Build 17134.648

Version/Channel Information:

• Can you reproduce this issue with the current release? Yes
• Can you reproduce this issue with the beta channel? Unknown
• Can you reproduce this issue with the dev channel? Unknown
• Can you reproduce this issue with the nightly channel? Unknown

Other Additional Information:

• Does the issue resolve itself when disabling Brave Shields? No
• Does the issue resolve itself when disabling Brave Rewards? No
• Is the issue reproducible on the latest version of Chrome? No

Miscellaneous Information:

none

[ryanbr]

easylist/easylist@ee7cc7d

I did make a change recently which could've caused this. (easylist/easylist@47870cf)

[diracdeltas]

could be same issue as #4396

[cmanley]

This is still an issue that I'm experiencing too.

[ryanbr]

Got a sample site and directions to test with @cmanley ?

[cmanley]

Got a sample site and directions to test with @cmanley ?
Unfortunately not because one has to pay for Jira, so you can test it if one of your customers or employees use Jira and you use a Google account to log in.

[bsclifton]

@ryanbr I can confirm I run into the issue when signing in w/ my Atlassian account. I think the account is free to create and login to... you just won't be able to use any products. But that's good enough to reproduce the problem

[ryanbr]

Okay, can reproduce it

Getting a lot of XSS issues on the site;
Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block: expected semicolon at character position 13. The default protections will be applied.

[fmarier]

This is related to Shields' referrer protections. It looks like they use id.atlassian.com but the JIRA instances are on atlassian.net.

[bsclifton]

@fmarier I believe a whitelist update is needed (to the DEPS file). I'll re-open the issue until we can sort that out

[bsclifton]

Wait - I think I'm wrong about that. Will re-close 😄 It may be part of the ad-block definitions now

[btlechowski]

@bsclifton Is this issue QA/No or QA/Yes?

[bsclifton]

@btlechowski would be good to test - if it works on Release channel too, then I think we can remove milestone and put Release Notes/exclude. If the whitelist update (which happened to 0.72.x) resolves this, then we can mark as Release Notes/include and keep milestone

[LaurenWags]

Verified passed with

Brave	1.1.5 Chromium: 78.0.3904.97 (Official Build) beta (64-bit)
Revision	021b9028c246d820be17a10e5b393ee90f41375e-refs/branch-heads/3904@{#859}
OS	macOS Version 10.13.6 (Build 17G5019)

• Reproduced issue using version 0.63.55. Upgraded to 1.1.5 and verified I was able to login without issue.
  0.63.55:

1.1.5:

• Confirmed able to login to Jira/Atlassian on clean profile with 1.1.5 as well.

Verification passed on

Brave	1.1.5 Chromium: 78.0.3904.97 (Official Build) beta (64-bit)
Revision	021b9028c246d820be17a10e5b393ee90f41375e-refs/branch-heads/3904@{#859}
OS	Ubuntu 18.04 LTS

Verified using jira credentials and google account

Verification passed on

Brave	1.1.7 Chromium: 78.0.3904.108 (Official Build) beta (64-bit)
Revision	4b26898a39ee037623a72fcfb77279fce0e7d648-refs/branch-heads/3904@{#889}
OS	Windows 10 OS Version 1803 (Build 17134.1006)

• Verified using Jira credentials and google account