Configuring the Whitelist

Configuring Global Settings

On this page

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

What is the 'Whitelist'?

For security reasons, you as an administrator may wish to limit the URLs from which users can source content that is displayed on your JIRA site (e.g. in an External Gadget). The JIRA 'Whitelist' is a list of URLs whose content you wish to make available to users of your JIRA site.

You can add URLs (or URL patterns) to your whitelist as described below. Alternatively, if your JIRA site and users do not have access to the internet, you can choose to 'Allow all URLs' (see below).

Note that URLs for which Application Links are configured are automatically whitelisted, so you do not need to add them to this list.

Editing the Whitelist

You can list specific URLs (or URL patterns) from which content will be allowed onto your JIRA site.

Select 'Restrict to whitelisted URL patterns' and use the form below to list specific URLs or URL patterns that are allowed. If you select 'Allow all URLs', content can be included from any URL, including possibly malicious content.

  1. Log in as a user with the JIRA System Administratorsglobal permission.
  2. Choose the cog icon  at top right of the screen, then choose System. Select Security > Whitelist to open the 'Whitelist' page, which shows a list of URLs (or URL patterns).
    (tick)Keyboard shortcut: g + g + type 'wh'
  3. On the 'Whitelist' page, you can either:
    • Allow all URLs to allow content from any URL, including potentially malicious content.
    • Restrict to whitelisted URL patterns and use the form below to list specific URLs or URL patterns.
      • Enter URL patterns to describe valid content sources. Enter one pattern per line according to the following format:
        • if the pattern starts with '=', only the exact URL following the '=' will be allowed
        • if the pattern starts with '/' then the whole pattern will be treated as a regular expression
        • otherwise, * characters in the pattern will be treated as wildcards to match 1 or more characters

Example

To allow all requests from

http://www.atlassian.com


enter the following:

http://www.atlassian.com/*
Last modified on May 7, 2013

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.