Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-63915

Implement the origin csrf/xsrf checks that atlassian-rest has for JIRA actions.

XMLWordPrintable

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Atlassian rest implemented origin CSRF/XSRF checks that are performed against known browsers. JIRA should implement similar checks for CSRF protected actions. Implementation details for the way atlassian-rest implemented the origin csrf/xsrf check can be found in the https://ecosystem.atlassian.net/browse/REST-339, https://ecosystem.atlassian.net/browse/REST-343, https://bitbucket.org/atlassian/atlassian-rest/src/master/atlassian-rest-common/src/main/java/com/atlassian/plugins/rest/common/security/jersey/OriginBasedXsrfResourceFilter.java and https://confluence.atlassian.com/kb/cross-site-request-forgery-csrf-protection-changes-in-atlassian-rest-779294918.html

              Unassigned Unassigned
              dblack David Black
              Votes:
              4 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: