Jira Server tomcat setting http headers security (version 7.2.7)
Hi,
IT told that we should use web as belows to check our header security,
https://www.atatus.com/tools/security-header
After checking, we got level D, IT said we should upgrade to level A
Our Jira server is windows server,and uses tomcat, not IIS.
I have tried editing web.xml by inserting below contents, but it doesn't work, even the site can't display normally.
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>Strict-Transport-Security</param-name>
<param-value>max-age=31536000; includeSubDomains</param-value>
</init-param>
<init-param>
<param-name>Content-Security-Policy</param-name>
<param-value>default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'</param-value>
</init-param>
<init-param>
<param-name>X-Frame-Options</param-name>
<param-value>DENY</param-value>
</init-param>
<init-param>
<param-name>Referrer-Policy</param-name>
<param-value>no-referrer</param-value>
</init-param>
<init-param>
<param-name>Permissions-Policy</param-name>
<param-value>geolocation=(), microphone=(), camera=()</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I have some questions:
1. Can Jira server 7.2.27 tomcat edit headers security?
2. If so, how do I do?
Thanks for any reply!
1 answer
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.