Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-38125

As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis

XMLWordPrintable

    • 0
    • 1
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      Problem Definition

      As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis. At the moment, the setting is applied at a global basis, which does not work if you want attachments to be downloaded/displayed inline depending on the space.

      Suggested Solution

      Add the ability to choose options (e.g. 'Insecure: Display all attachments inline.') for some spaces only while not affecting Confluence globally.

          Form Name

            [CONFSERVER-38125] As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis

            David Black added a comment - - edited

            This will would potentially allow users who have attachment rights in a confluence space to XSS other users. However, of course this may be what some users want and if that's the case we should make the potential security impact of this feature clear.

            David Black added a comment - - edited This will would potentially allow users who have attachment rights in a confluence space to XSS other users. However, of course this may be what some users want and if that's the case we should make the potential security impact of this feature clear.

              Unassigned Unassigned
              ajean Andy J.
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: