I have written my own JIRA plugin. It has a few servlets. The response from the servlets automatically gets this response header added:
Content-Security-Policy frame-ancestors 'self'
How can I stop that? I have created a filter, and in it I am wrapping the HTTP response. But Content-Security-Policy is still getting added, which prevents it from being embedded into an x-frame.
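    // Nested inside the filter class; needs javax.servlet.http.HttpServletResponse
    // and javax.servlet.http.HttpServletResponseWrapper imported at the top of the file.
    private static final class CustomHttpResponse extends HttpServletResponseWrapper {

        public CustomHttpResponse(HttpServletResponse response) {
            super(response);
        }

        // Drops Content-Security-Policy when it is set through setHeader() on this wrapper;
        // every other header is passed through unchanged.
        @Override
        public void setHeader(String name, String value) {
            if (!name.equalsIgnoreCase("Content-Security-Policy")) {
                super.setHeader(name, value);
            } else {
                // Log the name of the suppressed header
                System.out.println(name);
            }
        }
    }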
I found the way to disable the header via https://confluence.atlassian.com/jirakb/security-headers-in-jira-939919914.html. But how do I do it when I am running JIRA using the atlas-debug command?
com.atlassian.jira.clickjacking.protection.exclude=/rest/my-plugin/1.0/dashboard,/rest/collectors/1.0/template/form/