Thank you for reaching out.
Indeed, we don't have documentation on how to enable HSTS on Jira; however, we created a feature request with our development team to provide us with that:
Feel free to vote and watch the suggestion to increase its priority and also receive notifications about any updates.
For now, can you check if the workaround provided in the feature request works for you? These would be the steps to implement it:
- Modify JIRA_Install/conf/web.xml (where server.xml is also located)
- Find the section between:
  <!-- ================== Built In Filter Definitions ===================== -->
  and
  <!-- ==================== Built In Filter Mappings ====================== -->
- Add these lines to that section:

```xml
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>63072000</param-value>
    </init-param>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
    <async-supported>true</async-supported>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
```

- Restart JIRA
Let us know if this information helps.