Missing issue type avatar from remote issue link in Jira
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When using mixed protocols (HTTP and HTTPS) between two different Jira Instances, the avatar icon for the issue type from a remote link is not downloaded from the HTTP Jira instance as it is considered insecure content by Chrome.
Steps to reproduce
- Jira instance 1 using HTTPS
- Another Jira instance 2 using HTTP
- Configure Application Link between both Jira Instances
- Edit one issue on Jira instance 1 (HTTPS) and add a remote issue link to Jira Instance 2 (HTTP)
What is observed
- The Avatar icon from the remote issue is not downloaded when using Chrome browser, but it is correctly presented when using Firefox
- When editing the same linked issue on Jira instance 2 (HTTP), we can see correctly the avatar from the remote issue from Instance 1 (HTTPS).
What was expected
- Remote link showing the link with the Avatar icon for the issue type
Environment
Jira Core 8.x
Chrome 89.x
Firefox 87.0 (64-bit)
Diagnosis
- Application Link is correctly configured
- Remote Issue links are working properly. It is possible to click over the link and the remote issue is correctly opened at the Browser
- Issue from Jira Instance running on HTTP, with a remote link to an issue from Jira Instance running on HTTPS: The avatar of the remote issue type is downloaded
- Issue from Jira Instance running on HTTPS, with a remote link to an issue from Jira Instance running on HTTP: The avatar of the remote issue type is not downloaded
- Har file shows that the Avatar icon of the remote issue type was not downloaded
Cause
Chrome blocks insecure content by default.
Solution
Enforce SSL on both Jira instances
However, if it is not possible to make the other Jira secure, using HTTPS, then you can follow the next steps to allow insecure content:
It is not a good idea to allow mixed content ( SSL + non SSL ) as doing so increases several security risks!
- Click over the lock - It may show a "Not Secure" message as it contains mixed content (HTTP and HTTPS) to expand the browser options for this site. Select "Site Settings".
- Change the "Insecure Content" from "Block" to "Allow" and refresh the Jira tab.