I need to force using https protocol on rest/api (I mean https://domain.com/rest/api/*) but unfortunately I couldn't manage to do that.
I've modified WEB-INF/web.xml and added these lines:
<security-constraint>
<display-name>HTTP to HTTPs Redirection</display-name>
<web-resource-collection>
<web-resource-name>all-except-attachments</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.jspa</url-pattern>
<url-pattern>/rest/*</url-pattern>
<url-pattern>/browse/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
but still it's possible to load rest api using http protocol. Of course my JIRA site is force to https method but not rest API
http://domain.com => it's always redirects to https
http://domain.com/rest/api/* => not redirects to https
Can anyone point me how I manage to force using https protocol on rest api?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.