Link to a Confluence page with a special character is failing

Still need help?

The Atlassian Community is here for you.

Ask the community

This article only applies to the Atlassian server platform. Learn more about the differences between cloud and server.

 

In this article we are discussing the example of JIRA and Confluence and the character ':', but the same issue can occur between any two applications and with any special character.

 

Problem

Trying to link a Confluence page to a JIRA issue (or to any other application) where the Confluence page contains a special character (eg ':') fails with the error : "No Confluence page found with the given URL".

 

Steps to reproduce :

  • Navigate to JIRA issue > More > Link > Confluence page
  • Search for a Confluence page with a special character. For example ':'
  • The page is searchable but when clicking on "Link" the following error is displayed.

 

 

Diagnosis

Environment

  • JIRA and Confluence are hosted behind the reverse proxy.

Diagnostic Steps

  • Issue is not reproducible after bypassing the proxy
  • With proxy, looking closer, there is also a difference in the url displayed in Confluence from the one displayed in JIRA for the same page.
  • The following error is displayed in Confluence logs: 

    2017-03-01 09:33:17,977 WARN [http-nio-8082-exec-23] [oauth.serviceprovider.internal.AuthenticatorImpl] logOAuthProblem Problem encountered authenticating OAuth client for url "https://xxxx.com/confluence/display/AAA/AAAA+2015:+Q2", error was "signature_invalid", with parameters "{oauth_problem=signature_invalid, oauth_signature=xOAIBqODL66ZOHlTHYCnf5Uh0HWCF1FLPujjblWUVAfs6u3V4V3qQwNxUg6JddNQDFbBLqKYfonwIfI1Sp9RRqtbhDsdhJC3kTSC2++b5oUja1BJ59YrnyAhxP/OBJT9ePcru3V9C8P9Pq9tVIKX7HJaTQKeU3DSqWDo1ZvSZB8=, oauth_signature_base_string=GET&https%3A%2F%2Fxxx.com%2Fconfluence%2Fdisplay%2FBPP%2FTest%2BConfluence%2BLinking%2Bwith%2B%3A%2BJira%2BIssues&oauth_consumer_key%3Djira%253A11124560%26oauth_nonce%3D44427251144970311%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1488360797%26oauth_token%3D%26oauth_version%3D1.0%26xoauth_requestor_id%3Ddkum83, oauth_signature_method=RSA-SHA1}"

Cause

When JIRA searches for the page, Confluence is sending the url with '%3A' to JIRA. However at the time of adding the page link, JIRA proxy is encoding '%3A' to ':' and sending it back to Confluence. At this moment, Confluence sees that the request url was modified and hence fails with the 'signature_invalid' error. 
This same problem does not arise when you manually change the url to add the colon ':' in the url. This is because proxy does not interfere with this url at this point. So Confluence receives this url as is. So the link is approved.

Workaround

  • Replace %3A to use colon (:) in JIRA right before pressing "Link"


Resolution

(info) We are taking Apache httpd as an example here : 

Use the 'nocanon' parameter in the proxy configuration as it suppresses the special character conversion in the url.

Reference : https://httpd.apache.org/docs/2.4/mod/mod_proxy.html

The optional nocanon keyword suppresses this and passes the URL path "raw" to the backend. Note that this keyword may affect the security of your backend, as it removes the normal limited protection against URL-based attacks provided by the proxy.

Description:	Maps remote servers into the local server URL-space
Syntax:	ProxyPass [path] !|url [key=value [key=value ...]] [nocanon] [interpolate] [noquery

 

ProxyPass               /jira     http://127.0.0.1:8080/jira nocanon

 

Context : https://www.silverdisc.co.uk//blog/2009/02/28/url-canonicalisation-and-normalisation

Example of a Url proxied by httpd

Without using nocanon  : http://xxxxx/jira/browse/DRX-1+:

Using nocanon  : http://xxxxx//jira/browse/DRX-1+%3A

 

 

Last modified on Mar 30, 2017

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.