Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-63915

Implement the origin csrf/xsrf checks that atlassian-rest has for JIRA actions.

    XMLWordPrintable

Details

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Atlassian rest implemented origin CSRF/XSRF checks that are performed against known browsers. JIRA should implement similar checks for CSRF protected actions. Implementation details for the way atlassian-rest implemented the origin csrf/xsrf check can be found in the https://ecosystem.atlassian.net/browse/REST-339, https://ecosystem.atlassian.net/browse/REST-343, https://bitbucket.org/atlassian/atlassian-rest/src/master/atlassian-rest-common/src/main/java/com/atlassian/plugins/rest/common/security/jersey/OriginBasedXsrfResourceFilter.java and https://confluence.atlassian.com/kb/cross-site-request-forgery-csrf-protection-changes-in-atlassian-rest-779294918.html

      Attachments

        Issue Links

          relates to

          Suggestion - JRACLOUD-63915 Implement the origin csrf/xsrf checks that atlassian-rest has for JIRA actions.

          • Closed

          Activity

            People

              Unassigned Unassigned
              dblack David Black
              Votes:
              4 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: