Disabling JIRA Security Headers with proxy

zmiller · April 23, 2019, 1:11pm

Hi all,

Our team is currently looking to embed a JIRA service desk support portal into a web page owned by our company. The issue here is that these web sites have different URL’s. This means that when we attempt to embed the page the security headers in JIRA prevent this. I found that we can disable them for the whole JIRA instance using Security headers in JIRA | Jira | Atlassian Documentation . This solution though, fails our companies security policy. I was wondering if there would be a way to disable these for certain outbound addresses using our proxy. IE, only remove the headers when traffic is going to a certain destination.

Any ideas? or have I taken the entirely wrong approach to this?

sfbehnke · April 23, 2019, 2:51pm

What webserver are you using? This seems reasonable to me.

zmiller · April 23, 2019, 3:06pm

I believe that we are currently using apache tomcat.

sfbehnke · April 23, 2019, 5:25pm

Pardon, Tomcat is the embedded web container that Jira runs within. For your proxy, what are you using? Perhaps Apache HTTPD or Nginix? HAProxy?

zmiller · April 24, 2019, 12:40pm

I checked and it appears that we are using Apache HTTPD. Sorry for any confusion and thanks for the help