Jira and Bitbucket can't log in with Shields on

Description of the issue:
Can’t log in to Jira Cloud, Confluence Cloud, or Bitbucket with Shields enabled
Exact URL of the website in question:
Did the issue present with default Shields settings? (yes/no)
Does the site function as expected when Shields are turned off?
No - a second site (id.atlassian.com) is used to process the login, and default settings still have Shields enabled on that site
Is there a specific Shields configuration that causes the site to break? If so, tell us that configuration. (yes/no):
Does the site work as expected when using Chrome?
Brave version (check About Brave):
Version 1.15.75 Chromium: 86.0.4240.99 (Official Build) (x86_64)

The following Atlassian applications seem to have trouble with the standard Shields configuration:

  • Jira Cloud, Confluence Cloud (url pattern: yoursite.atlassian.net)
  • Bitbucket bitbucket.org
  • Trello, if account has been migrated to Atlassian account trello.com

These sites all process their logins through id.atlassian.com and redirect back to the original host. Something with the default Shields configuration makes the login fail. Disabling Shields on the application site doesn’t help, because Shields are still enabled at the actual ID site.

Found a previous post here alluding to the same cause, although lack of information had it go unsolved: Jira is not working with brave

Enabling third-party cookies for *.atlassian.net, *.atlassian.com, bitbucket.org, and trello.com seems to do the trick.

Yes, this is it. I even went the shorter path and tried changing the setting to “Allow all cookies” only on id.atlassian.com and that seemed to make the login flow work.

Happily awaiting that PR merge :smile:

but that’s not the right way to login, right?
Allowing all cookies. And not the motto of brave-browser.

Looking at the PR, there seems to be an exceptions list in Shield for certain sites. Atlassian has multiple domains under its umbrella but needs to authenticate to a single spot. Looking through the exceptions list there are other domains such as Google, Wordpress, Ubisoft, Twitch, etc…

1 Like

Don’t allow all cookies for all sites, just this instance its needed.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.