Community
Products
Jira
Questions
how to remove response header Content-Security-Policy frame-ancestors 'self'

how to remove response header Content-Security-Policy frame-ancestors 'self'

I have written my own JIRA plugin. It has few servlet. The response from servlet automatically adding response header as

Content-Security-Policy frame-ancestors 'self'

How can I stop that. I have created a filter and there I am wrapping httpresponse. But still Content-Security-Policy is getting added which preventing it from embedding into a x-frame

private static final class CustomHttpResponse extends HttpServletResponseWrapper {
public CustomHttpResponse(HttpServletResponse response) {
super(response);
}
public void setHeader(String name, String value) {
if (!name.equalsIgnoreCase("Content-Security-Policy")) {
super.setHeader(name, value);
}else{
System.out.println(name);
}
}
}

1 answer

0 votes

I got the way to disable the header by https://confluence.atlassian.com/jirakb/security-headers-in-jira-939919914.html. But how to do it when I am running JIRA using atlas-debug command

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

@Nir Haimov I am running my plugin using atlas-debug command. How can I set the java system property

com.atlassian.jira.clickjacking.protection.exclude=/rest/my-plugin/1.0/dashboard,/rest/collectors/1.0/template/form/

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

how to remove response header Content-Security-Policy frame-ancestors 'self'

1 answer

@Nir Haimov I am running my plugin using atlas-debug command. How can I set the java system property

Suggest an answer

Was this helpful?

Thanks!

TAGS

Community showcase

Atlassian Community Events