how to remove response header Content-Security-Policy frame-ancestors 'self'

Subhajit Bhuiya July 5, 2018

I have written my own JIRA plugin. It has a few servlets. The response from a servlet automatically gets this response header added:

 Content-Security-Policy frame-ancestors 'self'

 

How can I stop that? I have created a filter, and there I am wrapping the HTTP response. But Content-Security-Policy is still getting added, which is preventing it from being embedded in an x-frame.

private static final class CustomHttpResponse extends HttpServletResponseWrapper {
    public CustomHttpResponse(HttpServletResponse response) {
        super(response);
    }

    // Drops Content-Security-Policy when it is set via setHeader(); other headers pass through.
    @Override
    public void setHeader(String name, String value) {
        if (!name.equalsIgnoreCase("Content-Security-Policy")) {
            super.setHeader(name, value);
        } else {
            // Log the name of the suppressed header.
            System.out.println(name);
        }
    }
}

1 answer

0 votes
Subhajit Bhuiya July 6, 2018

I found the way to disable the header at https://confluence.atlassian.com/jirakb/security-headers-in-jira-939919914.html. But how do I do it when I am running JIRA using the atlas-debug command?

Subhajit Bhuiya July 8, 2018

@Nir Haimov I am running my plugin using the atlas-debug command. How can I set the Java system property

com.atlassian.jira.clickjacking.protection.exclude=/rest/my-plugin/1.0/dashboard,/rest/collectors/1.0/template/form/
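
An added example, not code from this thread or from Atlassian: a servlet filter that narrows `frame-ancestors` to one trusted origin instead of dropping the header, and covers `addHeader` as well as `setHeader`. The names `FrameAncestorsFilter`, `NarrowingResponse` and `TRUSTED_ORIGIN` and the origin value are hypothetical. It assumes the header is written through the wrapped response by code that runs after this filter; a header written earlier in the chain on the unwrapped response never reaches the wrapper.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

// Added example; class names and the origin below are hypothetical.
public class FrameAncestorsFilter implements Filter {
    // Assumption: the single origin allowed to embed the servlet (placeholder value).
    static final String TRUSTED_ORIGIN = "https://dashboard.example.com";

    // Rewrites only the frame-ancestors directive; every other directive is kept.
    static String narrow(String policy) {
        StringBuilder out = new StringBuilder();
        for (String directive : policy.split(";")) {
            String d = directive.trim();
            if (d.isEmpty()) continue;
            if (d.toLowerCase(Locale.ROOT).startsWith("frame-ancestors")) {
                d = "frame-ancestors 'self' " + TRUSTED_ORIGIN;
            }
            if (out.length() > 0) out.append("; ");
            out.append(d);
        }
        return out.toString();
    }

    static final class NarrowingResponse extends HttpServletResponseWrapper {
        NarrowingResponse(HttpServletResponse response) { super(response); }

        private static String fix(String name, String value) {
            boolean csp = "Content-Security-Policy".equalsIgnoreCase(name) && value != null;
            return csp ? narrow(value) : value;
        }

        // setHeader and addHeader are separate entry points; both must be covered.
        @Override public void setHeader(String n, String v) { super.setHeader(n, fix(n, v)); }
        @Override public void addHeader(String n, String v) { super.addHeader(n, fix(n, v)); }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Only code later in the chain that writes through this wrapper is affected.
        chain.doFilter(req, new NarrowingResponse((HttpServletResponse) res));
    }
    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}
}
```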
