
CSP

Magnus Tamm December 16, 2019

Hey.

Can I modify CSP to use nonce to restrict using inline scripts? Or what are the possibilities to solve my problem?

Best wishes,

Magnus

1 answer

0 votes
Nic Brough -Adaptavist-
December 16, 2019

You will need to explain what you mean by "CSP" and what it has to do with Atlassian software.

Magnus Tamm December 16, 2019

Oh yes. Sorry for my poor explanation. 

I'm talking about security headers. Right now CSP is set as: Content-Security-Policy: frame-ancestors 'self'

But it allows inline scripts to run in Jira. So you can run HTML <script> elements or on-event handlers to run XSS type attacks.

So the resolution is to calculate every script hash or use nonce. But can I change these settings in Jira? Can I set CSP to nonce and if yes then how and where?
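To illustrate the point raised in the thread, here is an added example (not part of the original posts and not Atlassian or Jira code) that models how a browser decides whether an inline script may run under a given policy, and how a hash source and a nonce are produced. The function names are hypothetical, and the model is simplified: it ignores `script-src-elem`, `'strict-dynamic'` and event-handler attributes.

```javascript
// Added example: hypothetical helpers, not Atlassian or Jira code.
const crypto = require('crypto');

// Parse a Content-Security-Policy header value into { directive: [sources] }.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // When a directive is repeated, only its first occurrence is used.
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// Hash source expression for an inline script body, e.g. 'sha256-<base64>'.
function hashSource(scriptBody) {
  const digest = crypto.createHash('sha256').update(scriptBody, 'utf8').digest('base64');
  return `'sha256-${digest}'`;
}

// Fresh per-response nonce value (128 random bits, base64).
function newNonce() {
  return crypto.randomBytes(16).toString('base64');
}

// Would this policy let an inline <script> with the given body and nonce attribute run?
function inlineScriptAllowed(header, scriptBody, nonceAttr) {
  const policy = parseCsp(header);
  // script-src falls back to default-src; frame-ancestors never governs scripts.
  const sources = policy['script-src'] || policy['default-src'];
  if (sources === undefined) return true; // no script restriction at all
  if (sources.includes(hashSource(scriptBody))) return true;
  if (nonceAttr && sources.includes(`'nonce-${nonceAttr}'`)) return true;
  // Browsers ignore 'unsafe-inline' once a nonce or hash source is listed.
  const hasNonceOrHash = sources.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  return sources.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Constructed sample: the header quoted in the post, then the same header with a nonce.
const demoNonce = newNonce();
const demoPolicy = `frame-ancestors 'self'; script-src 'self' 'nonce-${demoNonce}'`;
console.log(inlineScriptAllowed("frame-ancestors 'self'", "console.log('hi')")); // true
console.log(inlineScriptAllowed(demoPolicy, "console.log('hi')"));               // false
```

A nonce has to be regenerated for every response and written into both the header and each trusted `<script nonce="...">` tag, so it can only be introduced where the application renders its pages, not by a static header alone.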
