Restrict access to add-on descriptor only to *.atlassian.net host

Hi, I’m wondering if there is a way to use whitelisting in spring boot as it is implemented in express (https://bitbucket.org/atlassian/atlassian-connect-express/src/master/)

“whitelist”: [
.jira-dev.com",
"
.atlassian.net”,
“*.jira.com”
]

Basically I want to restrict access to descriptor from atlassian hosts only.

Thanks

1 Like

Hi glib.briia,

May be you can use the CrossOrigin annotation like this: @CrossOrigin(origins = “.atlassian.net”) on your controller method. Can you give it a try?

Kind regards,
Paulo Alves.

Hi @glib.briia,

no, I’m afraid that is not currently supported. The framework handles the installation callback for you, so I’m not sure how you would go about adding it. Feel free to raise a feature request in ACSPRING.

Cheers,
Einar

Hi @epehrson,

Thank you for your reply. Feature request raised https://ecosystem.atlassian.net/browse/ACSPRING-82

Regards,
Glib