Class HttpSecurityStep
java.lang.Object
com.atlassian.jira.web.filters.steps.security.HttpSecurityStep
- All Implemented Interfaces:
FilterStep
Sets the following security headers on each HTTP response:
During the setup
All assets will have clickjacking protection as well.
- REFERRER-POLICY with "strict-origin-when-cross-origin"
- X_XSS_PROTECTION with "1; mode=block"
- X_CONTENT_TYPE_OPTIONS with "nosniff"
- X_FRAME_OPTIONS with "SAMEORIGIN"
- CONTENT_SECURITY_POLICY with "frame-ancestors \'self\'"
HttpSecurityConfig.
During the setup
HttpSecurityConfig is not present, so that each HTTP response will contain
clickjacking protection.
All assets will have clickjacking protection as well.
- Since:
- 7.6
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbeforeDoFilter(FilterCallContext context) This is called to before the filterChain.doFilter() method is calledfinallyAfterDoFilter(FilterCallContext context) This is called after the filterChain.doFilter() method is called in a finally {} block
-
Constructor Details
-
HttpSecurityStep
public HttpSecurityStep()
-
-
Method Details
-
beforeDoFilter
Description copied from interface:FilterStepThis is called to before the filterChain.doFilter() method is called- Specified by:
beforeDoFilterin interfaceFilterStep- Parameters:
context- the context of the filter step call
-
finallyAfterDoFilter
Description copied from interface:FilterStepThis is called after the filterChain.doFilter() method is called in a finally {} block- Specified by:
finallyAfterDoFilterin interfaceFilterStep- Parameters:
context- the context of the filter step call
-