[JRASERVER-40787] It should be possible to restrict access to the Issue Navigator by anonymous users - Create and track feature requests for Atlassian products.

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Security
Labels:

UIS:
3
Support reference count:
15
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

Currently, even if a user is not logged into JIRA, he/she will still be able to access the Issue Navigator using the URL: http://<JIRA_URL>/issues/?jql=/.

Steps to reproduce:

Setup a JIRA instance.
Try to go to the Issue Navigator URL (for example: http://localhost:8080/issue/?jql=)
Even if you are not logged in, you will still be able to see the issue navigator.

There are customers who share their filters with everyone, and having the Issue Navigator URL publicly accessible allows for any user to browse those filters and see the filter owner name, for instance.

Although this is the expected behaviour, it would be helpful to have the possibility of restricting access to the Issue Navigator (e.g. in the General Settings) so that anonymous users are redirected to a login page.

relates to

JRASERVER-34914 Issue Navigator Accessible by anonymous users.

Closed

JRASERVER-36544 JIRA search page does not redirect user to the login page

Closed

JRASERVER-42626 Sensitive information displayed in anonymous REST API calls

Closed

JRACLOUD-40787 It should be possible to restrict access to the Issue Navigator by anonymous users

Gathering Interest

JRASERVER-34268 Issue / project not found message in issue searches for anonymous users should prompt user to login

Gathering Interest

JRASERVER-65030 Redirect users not logged in to a login screen

Gathering Interest

JRASERVER-65521 Add possibility to disable public access to JIRA

Under Consideration

mentioned in: Page Loading...; Page Loading...; Page Loading...

(2 relates to, 3 mentioned in)

Loading...

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Security
Labels:

UIS:
3
Support reference count:
15
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

Currently, even if a user is not logged into JIRA, he/she will still be able to access the Issue Navigator using the URL: http://<JIRA_URL>/issues/?jql=/.

Steps to reproduce:

Setup a JIRA instance.
Try to go to the Issue Navigator URL (for example: http://localhost:8080/issue/?jql=)
Even if you are not logged in, you will still be able to see the issue navigator.

There are customers who share their filters with everyone, and having the Issue Navigator URL publicly accessible allows for any user to browse those filters and see the filter owner name, for instance.

Although this is the expected behaviour, it would be helpful to have the possibility of restricting access to the Issue Navigator (e.g. in the General Settings) so that anonymous users are redirected to a login page.

relates to

JRASERVER-34914 Issue Navigator Accessible by anonymous users.

Closed

JRASERVER-36544 JIRA search page does not redirect user to the login page

Closed

JRASERVER-42626 Sensitive information displayed in anonymous REST API calls

Closed

JRACLOUD-40787 It should be possible to restrict access to the Issue Navigator by anonymous users

Gathering Interest

JRASERVER-34268 Issue / project not found message in issue searches for anonymous users should prompt user to login

Gathering Interest

JRASERVER-65030 Redirect users not logged in to a login screen

Gathering Interest

JRASERVER-65521 Add possibility to disable public access to JIRA

Under Consideration

mentioned in: Page Loading...; Page Loading...; Page Loading...

(2 relates to, 3 mentioned in)

Assignee:: Unassigned

Reporter:: Danilo Conrad

Votes:: 34 Vote for this issue

Watchers:: 30 Start watching this issue

Created:: 11/Nov/2014 6:49 PM

Updated:: 06/Dec/2024 8:22 PM

Details

Description

Steps to reproduce:

Attachments

Issue Links

Forms

Activity

Details

Description

Steps to reproduce:

Attachments

Issue Links

Forms

Activity

People

Dates

People

Dates