Package com.atlassian.jira.web.filters.steps.security


  • Class
    Description
    Configuration for applying HTTP security headers, here X_FRAME_OPTIONS and CONTENT_SECURITY_POLICY, which can prevent clickjacking attacks but also block resources from being embedded in iframes (etc.).
    Sets the following security headers on each HTTP response:
      • REFERRER-POLICY with "strict-origin-when-cross-origin"
      • X_XSS_PROTECTION with "1; mode=block"
      • X_CONTENT_TYPE_OPTIONS with "nosniff"
      • X_FRAME_OPTIONS with "SAMEORIGIN"
      • CONTENT_SECURITY_POLICY with "frame-ancestors 'self'"
    The last two (X_FRAME_OPTIONS, CONTENT_SECURITY_POLICY) are about preventing clickjacking attacks, but they also block resources from being embedded in iframes (etc.).