Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal


  • Give kudos
  • Received
  • Given


  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage


Can I modify CSP to use noonce to restrict using inline scripts? Or what are the possibilities to solve my problem?

Best wishes,


1 answer

0 votes

You will need to explain what you mean by "CSP" and what it has to do with Atlassian software.

Oh yes. Sorry for my poor explanation. 

I'm talking about security headers. Right now csp is set as: Content-Security-Policy: frame-ancestors 'self'

But it allows to run inline scripts in jira. So you can run HTML <script> elements or on-event handlers to run XSS type attacks. 

So the resulution is to calculate every script hash or use nonce. But can I change these settings in jira? Can i set csp to nonce and if yes then how and where?

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Confluence

What do you think is the most *delightful* Confluence feature? Comment for a prize!

- Create your own custom emoji 🔥 - "Shake for Feedback" on mobile 📱 - An endless supply of GIFs via GIPHY 🤩 Is there anything quite as nice as a pleasant surprise? Comment below with what...

402 views 23 8
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you