Oh yes. Sorry for my poor explanation.
I'm talking about security headers. Right now CSP is set as: Content-Security-Policy: frame-ancestors 'self'
But it allows inline scripts to run in Jira. So you can run HTML <script> elements or on-event handlers to run XSS-type attacks.
So the resolution is to calculate every script hash or use a nonce. But can I change these settings in Jira? Can I set CSP to nonce, and if yes, then how and where?
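
The difference between the header quoted above and a hash- or nonce-based policy, as an added Python example that is not part of the original post and does not show Jira's own configuration. The sample page, the `'self'` script source and all function names are assumptions made for illustration.

```python
import base64, hashlib, re, secrets

# Policy quoted in the post above.
CURRENT_POLICY = "frame-ancestors 'self'"
# Constructed sample page: one inline script, one external script.
SAMPLE_HTML = ("<html><script>console.log('constructed sample');</script>"
               '<script src="/app.js"></script></html>')

def parse_csp(header):
    """Split a CSP header value into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def allows_arbitrary_inline_script(header):
    """True if an injected inline <script> would run under this policy.
    Simplified: ignores script-src-elem and other CSP3 refinements."""
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True  # nothing restricts scripts, as with frame-ancestors alone
    lowered = [s.lower() for s in sources]
    strict = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                 for s in lowered)
    # Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
    return "'unsafe-inline'" in lowered and not strict

def script_hash_source(script_body):
    """CSP hash source for the exact text between <script> and </script>."""
    digest = hashlib.sha256(script_body.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"

def hash_policy(html):
    """Allow only the inline scripts already in the page (regex scan, sketch only)."""
    bodies = re.findall(r"<script(?![^>]*\bsrc=)[^>]*>(.*?)</script>", html, re.S | re.I)
    hashes = sorted({script_hash_source(b) for b in bodies if b.strip()})
    return "script-src 'self' " + " ".join(hashes) + "; frame-ancestors 'self'"

def nonce_policy():
    """Fresh nonce per response; the same value goes on each <script nonce=...>."""
    nonce = base64.b64encode(secrets.token_bytes(16)).decode("ascii")
    return nonce, f"script-src 'self' 'nonce-{nonce}'; frame-ancestors 'self'"

if __name__ == "__main__":
    print(allows_arbitrary_inline_script(CURRENT_POLICY))            # current header
    print(allows_arbitrary_inline_script(hash_policy(SAMPLE_HTML)))  # hash-based
    print(allows_arbitrary_inline_script(nonce_policy()[1]))         # nonce-based
```

Nonces and hashes apply to `<script>` elements; inline on-event handler attributes stay blocked under such a policy unless `'unsafe-inline'` or `'unsafe-hashes'` is added.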