Implement the origin CSRF/XSRF checks that atlassian-rest has for JIRA actions.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      atlassian-rest implemented origin CSRF/XSRF checks that are performed against known browsers. JIRA should implement similar checks for CSRF-protected actions. Implementation details for the way atlassian-rest implemented the origin CSRF/XSRF check can be found in https://ecosystem.atlassian.net/browse/REST-339, https://ecosystem.atlassian.net/browse/REST-343, https://bitbucket.org/atlassian/atlassian-rest/src/master/atlassian-rest-common/src/main/java/com/atlassian/plugins/rest/common/security/jersey/OriginBasedXsrfResourceFilter.java and https://confluence.atlassian.com/kb/cross-site-request-forgery-csrf-protection-changes-in-atlassian-rest-779294918.html

              Assignee: Unassigned
              Reporter: David Black
              Votes: 4
              Watchers: 2
