Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-63915

Implement the origin csrf/xsrf checks that atlassian-rest has for JIRA actions.

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      Atlassian rest implemented origin CSRF/XSRF checks that are performed against known browsers. JIRA should implement similar checks for CSRF protected actions. Implementation details for the way atlassian-rest implemented the origin csrf/xsrf check can be found in the https://ecosystem.atlassian.net/browse/REST-339, https://ecosystem.atlassian.net/browse/REST-343, https://bitbucket.org/atlassian/atlassian-rest/src/master/atlassian-rest-common/src/main/java/com/atlassian/plugins/rest/common/security/jersey/OriginBasedXsrfResourceFilter.java and https://confluence.atlassian.com/kb/cross-site-request-forgery-csrf-protection-changes-in-atlassian-rest-779294918.html

      Attachments

        Issue Links

          is related to

          Suggestion - JRASERVER-63915 Implement the origin csrf/xsrf checks that atlassian-rest has for JIRA actions.

          • Gathering Interest

          Activity

            People

              Unassigned Unassigned
              dblack David Black
              Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: