As a security measure, we are thinking of disallowing all the HTTP methods on our JIRA instance except the functionally required ones. The required HTTP methods at the moment I can think of are GET and POST.
Is there any functional impact if we disallow methods other than GET and POST?
Don't do this without fully understanding Jira. The REST stuff uses PUT and DELETE, for example. If, for instance, you restrict to GET and POST, you will not be able to update roles in Jira.
The REST stuff means the remote API + gadgets?
Some of the internal servlets use REST, as well as the external API and gadgets.
I really wouldn't do this without significant testing of every function in the UI, especially the admin side of it.
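An added example, not part of the original thread: one way to check, before restricting methods, which currently successful requests in an access log use something other than GET and POST. The log lines are constructed samples in common log format, the `/rest/api/2/` paths are only illustrative, and the function names are hypothetical.

```python
import re
from collections import Counter

# Methods the original question proposes to keep.
ALLOWED = {"GET", "POST"}

# Request part of a common/combined-format line: "METHOD /path HTTP/x.y" status
REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (not from a real server).
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Mar/2024:10:01:02 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 5120
10.0.0.5 - alice [12/Mar/2024:10:01:09 +0000] "POST /rest/api/2/search HTTP/1.1" 200 2048
10.0.0.7 - bob [12/Mar/2024:10:02:11 +0000] "PUT /rest/api/2/issue/DEMO-1 HTTP/1.1" 204 0
10.0.0.7 - bob [12/Mar/2024:10:02:40 +0000] "DELETE /rest/api/2/issue/DEMO-2 HTTP/1.1" 204 0
10.0.0.9 - carol [12/Mar/2024:10:03:00 +0000] "PUT /rest/api/2/issue/DEMO-3?notifyUsers=false HTTP/1.1" 204 0
10.0.0.9 - - [12/Mar/2024:10:03:30 +0000] "TRACE / HTTP/1.1" 405 0
this line is truncated and will be skipped
"""

def path_prefix(path, depth=2):
    """Reduce /rest/api/2/issue/DEMO-1?x=y to /rest/api for grouping."""
    parts = path.split("?", 1)[0].strip("/").split("/")
    return "/" + "/".join(parts[:depth])

def inventory(log_text, allowed=ALLOWED):
    """Count (method, prefix) pairs, split into kept and would-be-blocked."""
    kept, blocked = Counter(), Counter()
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue  # malformed or truncated line
        method, path, status = m.group(1), m.group(2), int(m.group(3))
        if status >= 400:
            continue  # already failing today; not a regression
        bucket = kept if method in allowed else blocked
        bucket[(method, path_prefix(path))] += 1
    return kept, blocked

if __name__ == "__main__":
    kept, blocked = inventory(SAMPLE_LOG)
    for (method, prefix), n in sorted(blocked.items()):
        print(f"would break: {method:7} {prefix:12} {n} request(s)")
```

An empty `blocked` result only covers the traffic in the sampled log window; rarely used admin functions may not appear in it.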
REST is not an HTTP method defined in RFC 2616. REST is actually HTTP GET, isn't it?