Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-43914

Remove Internet Explorer MIME Sniffing Security Hole Workaround Policy

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      Status Update

      This setting is still needed. However, the name of it no longer really reflects what it does. What the setting actually does is change the attachment security policy. The default level is a default (secure) attachment level which uses a blacklist of content-types which are sent as attachment downloads, the "insecure" level simply sends all attachments "inline" and the "secure" attachment level sends all attachments as downloads.

      Problem Definition

      The Internet Explorer MIME Sniffing Security Hole Workaround Policy in Configuring JIRA Options can be confusing - it it also not consistent. It will allow PNGs and block JPGs. It's also not entirely clear of the behaviour of it, for example in JRA-28965.

      Suggested Solution

      Remove the Internet Explorer MIME Sniffing Security Hole Workaround Policy functionality - IE7 has not been supported in JIRA for quite some time.

              Unassigned Unassigned
              dcurrie@atlassian.com Dave C
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: