REST API attachment request still works with wrong/expired cookie

2017-04-20T15:45:07
ID ATLASSIAN:JRACLOUD-66775
Type atlassian
Reporter jalor
Modified 2017-06-06T01:27:04

Description

h3. Summary

If you perform a REST API attachment request using Cookie Based Authentication with wrong/expired cookie it will still return results with 200 status code. h3. Environment

JIRA v1000.892.2 h3. Steps to Reproduce # Use Cookie Based Authentication using a wrong/expired cookie # Perform a REST API to get attachment {code}[https://instance.atlassian.net/rest/api/2/attachment/\|https://instance.atlassian.net/rest/api/2/attachment/]{id}{code}

h3. Expected Results * If you are using a wrong/expired cookie it should not return results.

h3. Actual Results * Using Cookie Based Authentication with wrong/expired cookie it will still return results with 200 status code.