Atlassian Companion app fails to edit files with certain special characters

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Users cannot edit a file with special characters using the Companion app. They may also see an "Unexpected response status code 401" error on the screen.

Environment

  • Confluence Server or Data Center (any version)
  • Reverse Proxy
    • Apache
    • Apache using the AJP protocol
    • NGINX

Diagnosis

  1. Files can be edited after bypassing the reverse proxy.
  2. The following appears in the atlassian.confluence.log:
2020-08-06 11:56:34,513 WARN [http-nio-8098-exec-25] [jwt.internal.sal.DefaultAuthenticationResultHandler] createAndSendFailure Failure during JWT authentication
-- url: /confluence/download/attachments/1966122/test%20(11).txt | traceId: 6c24626ada0a25e6
com.atlassian.jwt.exception.JwtInvalidClaimException: Expecting claim 'qsh' to have value 'f3c8cf84498c36b0e1b82a372f6d918b8ff6f1d9466e7a3c33c9a7ee3cc9b3f2' but instead it has the value '15a0eca3badc559bfe79955f7bc3201a4538ad171f8e85f9bbc8eedc4da78f96'


Cause

The URIs processed by proxies are subject to normalizations by default. This becomes an issue for files with special characters that do not need to be normalized. Make the below changes in your reverse proxy in order to always use the original URI.

Solution


Apache Reverse Proxy Using the AJP Protocol

In the httpd.conf.local file, the following JkOption will most likely be present:

JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories


The +ForwardURICompat parameter needs to be changed for Confluence 5.10.x  to +ForwardURICompatUnparsed.  For example:

JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories


Apache Reverse Proxy

For an Apache reverse proxy, ensure that the following is present:

ProxyPass /confluence http://localhost:8090/confluence nocanon


NGINX

For NGINX, simply edit the nginx.conf file by adding $request_uri; to the proxy_pass directive (as long as the location and context path are the same).  For example: 

location /<context-path> {

    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 

proxy_pass http://<base-url>/<context-path>$request_uri;
}

If this doesn't work or returns an error (we've seen some users receive 502 errors with the above change), then please use the following:

location /<context-path> {

    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 
if ($request_uri ~* "/<context-path>(/.*)") { 
	proxy_pass http://<base-url>/<context-path>$1; break; 
}

proxy_pass http://<base-url>/<context-path>;
}

In all cases, the proxy will need to be restarted to pick up these changes.



Last modified on Nov 23, 2020

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.