Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira does't redirect HTTP users properly

Marcel van Rijzewijk
Marcel van Rijzewijk
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
March 12, 2018

Our Jira instance has been configured, using the Jira configuration tool, to redirect HTTP visitors to HTTPS, and the service has been restarted afterwards.

For some unknown reason, if I go to http://jira.ourcompany.com, it does not send me to the HTTPS page, but lets me log in into the HTTP environment at http://jira.ourcompany.com/secure/Dashboard.jspa and after logging in, I get a notification that the Base URL is not set correctly.

Jira2.png

 

Now, if we initially go to https://jira.ourcompany.com, it does correctly send me to the corresponding HTTPS page, and let me log in there.

If I now try to go back to the HTTP, for some reason, it does forward me to the HTTPS environment.

 

What is happening here, and why does Jira not initially forward me to the HTTPS environment, but does it work correctly when I try to go back there after visiting the HTTPS environment once?

If I then close the browser, and open it again, the same happens all over again. To meet our security compliance, we would like to ALWAYS forward the request to HTTPS.

Tried this on both IE11 and Chrome64, and the behaviour is the same.

 

Jira.png

Answer
Watch
Like Be the first to like this
491 views

1 answer

1 accepted

1 vote
Answer accepted
Marcel van Rijzewijk
Marcel van Rijzewijk
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
March 12, 2018

Just found the answer.

The person that configured the software, forgot to add a section to the web.xml file:

<security-constraint>
 <web-resource-collection>
  <web-resource-name>all-except-attachments</web-resource-name>
  <url-pattern>*.jsp</url-pattern>
  <url-pattern>*.jspa</url-pattern>
  <url-pattern>/browse/*</url-pattern>
  <url-pattern>/issues/*</url-pattern>
 </web-resource-collection>
 <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 </user-data-constraint>
</security-constraint>
View More Comments
Shannon S
Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 12, 2018

Hi Marcel, Glad you were able to find that. I was actually in the middle of writing you with the same.

Take care, and have a pleasant week!

Regards,

Shannon

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security