Hello Keerthy,
Thank you for reaching out.
Indeed, we don't have a documentation on how to enable the HSTS on Jira, however, we created a feature request with our development team to provide us with that:
- Documentation Regarding HSTS Integration With JIRA
Feel free to vote and watch the suggestion to increase its priority and also receive notifications about any updates.
For now, can you check if the workaround provided in the feature request works for you? These would be the steps to implement it:
- Modify JIRA_Install/conf/web.xml (where server.xml is also located)
- Find the section between:
<!-- ================== Built In Filter Definitions ===================== -->
and
<!-- ==================== Built In Filter Mappings ====================== -->
- Add these lines to that section:
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>63072000</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
- Restart JIRA
Let us know if this information helps.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.