Disallow HTTP methods that are functionally NOT required

Sameera Shaakunthala [inactive]
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 25, 2013

As a security measure, we are thinking of disallowing all the HTTP methods on our JIRA instance except the functionally required ones. The required HTTP methods at the moment I can think of are GET and POST.

Is there any functional impact if we disallow methods other than GET and POST?

1 answer

1 accepted

1 vote
Answer accepted
JamieA
April 25, 2013

Don't do this without fully understanding JIRA. The REST stuff uses PUT and DELETE, for example. If, for instance, you restrict to GET and POST, you will not be able to update roles in JIRA.

Sameera Shaakunthala [inactive]
April 25, 2013

The REST stuff means the remote API + gadgets?

Nic Brough -Adaptavist-
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 25, 2013

Some of the internal servlets use REST, as well as the external API and gadgets.

I really wouldn't do this without significant testing of every function in the UI, especially the admin side of it.

Sameera Shaakunthala [inactive]
April 30, 2013

REST is not an HTTP method defined in RFC 2616. REST is actually HTTP GET, isn't it?

JamieA
April 30, 2013
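
Added example, not part of any post in this thread: one way to check the functional impact discussed above before applying a GET/POST-only rule is to inventory which other methods the instance already serves successfully. The sketch assumes access logs in Common Log Format (for example from a reverse proxy in front of JIRA); the sample lines, users and paths are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Common Log Format (not from a real instance).
SAMPLE_LOG = """\
10.0.0.5 - alice [25/Apr/2013:10:01:02 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 5120
10.0.0.5 - alice [25/Apr/2013:10:01:09 +0000] "POST /secure/CreateIssue.jspa HTTP/1.1" 302 0
10.0.0.7 - admin [25/Apr/2013:10:02:11 +0000] "PUT /rest/api/2/issue/DEMO-1 HTTP/1.1" 204 0
10.0.0.7 - admin [25/Apr/2013:10:02:40 +0000] "DELETE /rest/api/2/issue/DEMO-2 HTTP/1.1" 204 0
10.0.0.7 - admin [25/Apr/2013:10:03:05 +0000] "PUT /rest/api/2/issue/DEMO-3 HTTP/1.1" 204 0
10.0.0.9 - - [25/Apr/2013:10:04:00 +0000] "OPTIONS / HTTP/1.1" 200 0
10.0.0.9 - - [25/Apr/2013:10:04:01 +0000] "TRACE / HTTP/1.1" 405 0
malformed line without a request
"""

# Request line and status code as they appear in Common Log Format.
REQUEST = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')


def path_prefix(path, depth=2):
    """Group URLs by their first `depth` path segments, ignoring the query string."""
    segments = [s for s in path.split("?", 1)[0].split("/") if s]
    return "/" + "/".join(segments[:depth])


def audit(log_text, allowed=("GET", "POST")):
    """Count successful requests, per (method, prefix), that use a method outside
    `allowed`. Also return the number of lines that could not be parsed."""
    would_break = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            unparsed += 1  # surface these instead of silently skipping them
            continue
        method, path, status = m.group(1), m.group(2), int(m.group(3))
        # Only requests the server currently honours (2xx/3xx) represent
        # functionality that a GET/POST-only rule would take away.
        if method not in allowed and status < 400:
            would_break[(method, path_prefix(path))] += 1
    return would_break, unparsed


if __name__ == "__main__":
    hits, unparsed = audit(SAMPLE_LOG)
    for (method, prefix), count in sorted(hits.items()):
        print(f"{method:8} {prefix:20} {count} request(s) would be rejected")
    print(f"{unparsed} unparsed line(s)")
```

A log sample only covers the functions exercised while it was collected, so rarely used admin screens still need the manual testing recommended in the thread.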
