Hey.
Can I modify CSP to use a nonce to restrict the use of inline scripts? Or what are the possibilities to solve my problem?
Best wishes,
Magnus
You will need to explain what you mean by "CSP" and what it has to do with Atlassian software.
Oh yes. Sorry for my poor explanation.
I'm talking about security headers. Right now CSP is set as: Content-Security-Policy: frame-ancestors 'self'
But it allows inline scripts to run in Jira, so you can use HTML <script> elements or on-event handlers to run XSS-type attacks.
So the resolution is to calculate a hash for every script or use a nonce. But can I change these settings in Jira? Can I set CSP to use a nonce, and if yes, then how and where?