Product & version: Adobe Express Developer Console (Web)
Platform: Chrome (Latest version) - Also tested in Incognito and alternative browsers.
Steps to reproduce:
Navigate to the Add-on Submission portal and go to the "Listing details" > "Publisher profile" section.
Fill out all required text fields (Publisher Name, Website, Description).
Try to upload a valid 250x250px image (tested both PNG and JPEG formats, under 1MB, with a simple filename like logo.png) into the "Publisher logo" drag-and-drop box.
Observe that the file fails to upload.
Open the browser's Developer Tools > Network tab and observe the failed API request returning the following JSON error: {"errorMessage": "Invalid code: DEFAULT", "errorReason": "bad_request_parameter"}.
Expected result: The 250x250px image should upload successfully, attach to the Publisher profile, and allow the submission process to continue.
Actual result: The upload is rejected by the backend server with a "bad_request_parameter" error, completely blocking the publisher from completing their add-on submission.
Attachments:
`curl 'https://ffc-addon.adobe.io/v1/images/4edfbcb4-edf4-467b-834c-231e9c4e6915' \
-H 'x-org-id: [REDACTED_ORG_ID]
@AdobeOrg' \
-H 'Authorization: Bearer [REDACTED]' \
-H 'Referer: https://new.express.adobe.com/' \
-H 'x-api-key: in-app-submission-express' \
-H 'traceparent: 00-d5b8c9788111e6ff09004c22298688fa-420193f1c245742a-01' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36' \
-H 'accept: application/vnd.adobe-ffcaddon.response+json' \
--data-binary '[IMAGE_FILE_PAYLOAD]'`
`Loading the script 'https://app.link/_r?sdk=web2.65.0&branch_key=[REDACTED_BRANCH_KEY]&callback=branch_callback__21' violates the following Content Security Policy directive: "script-src 'self'".
Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
The policy is report-only, so the violation has been logged but no further action has been taken.
add-ons?mode=submission:1 Running the JavaScript URL violates the following Content Security Policy directive 'script-src 'self''.
GET https://ffc-addon.adobe.io/v1/images/[REDACTED_IMAGE_UUID] 400 (Bad Request)
at _fetchApiWrapper (93636.2f2c3ad4887733b4.js:2)
at getUploadProgress (93636.2f2c3ad4887733b4.js:2)
at pollForImageUploadStatus (93636.2f2c3ad4887733b4.js:2)
at handleImageUpload (77181.924a928cbfb17506.js:1)
at _handleDroppedImage (hz-extensibility-image-dropzone.1e04f4842e02de7f.js:17)
[extensibility-in-app-submission] EndPerfActionError EndPerfActionErrorError: End perfAction for ias-media-upload-logo called without begin perfAction.
at j._endPerfAction (93636.2f2c3ad4887733b4.js:2:106990)
at j.endMediaUploadedPerfAction (93636.2f2c3ad4887733b4.js:2:107867)
at _mirrorOriginalConsole (hz-startup-ui-index.30101edfcada3598.js:130)`
Product & version: Adobe Express Developer Console (Web)
Platform: Chrome (Latest version) - Also tested in Incognito and alternative browsers.
Steps to reproduce:
Navigate to the Add-on Submission portal and go to the "Listing details" > "Publisher profile" section.
Fill out all required text fields (Publisher Name, Website, Description).
Try to upload a valid 250x250px image (tested both PNG and JPEG formats, under 1MB, with a simple filename like logo.png) into the "Publisher logo" drag-and-drop box.
Observe that the file fails to upload.
Open the browser's Developer Tools > Network tab and observe the failed API request returning the following JSON error: {"errorMessage": "Invalid code: DEFAULT", "errorReason": "bad_request_parameter"}.
Expected result: The 250x250px image should upload successfully, attach to the Publisher profile, and allow the submission process to continue.
Actual result: The upload is rejected by the backend server with a "bad_request_parameter" error, completely blocking the publisher from completing their add-on submission.
Attachments:
`Loading the script 'https://app.link/_r?sdk=web2.65.0&branch_key=[REDACTED_BRANCH_KEY]&callback=branch_callback__21' violates the following Content Security Policy directive: "script-src 'self'".
Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
The policy is report-only, so the violation has been logged but no further action has been taken.
add-ons?mode=submission:1 Running the JavaScript URL violates the following Content Security Policy directive 'script-src 'self''.
GET https://ffc-addon.adobe.io/v1/images/[REDACTED_IMAGE_UUID] 400 (Bad Request)
at _fetchApiWrapper (93636.2f2c3ad4887733b4.js:2)
at getUploadProgress (93636.2f2c3ad4887733b4.js:2)
at pollForImageUploadStatus (93636.2f2c3ad4887733b4.js:2)
at handleImageUpload (77181.924a928cbfb17506.js:1)
at _handleDroppedImage (hz-extensibility-image-dropzone.1e04f4842e02de7f.js:17)
[extensibility-in-app-submission] EndPerfActionError EndPerfActionErrorError: End perfAction for ias-media-upload-logo called without begin perfAction.
at j._endPerfAction (93636.2f2c3ad4887733b4.js:2:106990)
at j.endMediaUploadedPerfAction (93636.2f2c3ad4887733b4.js:2:107867)
at _mirrorOriginalConsole (hz-startup-ui-index.30101edfcada3598.js:130)`