Cloud
Data Center 7.1
Versions

Configuring the whitelist

Configuring global settings

On this page

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Jira administrators can choose to allow incoming and outgoing connections and content from specified sources by adding URLs to the whitelist. 

Jira will display an error if content has been added that is not from an allowed source, and prompt the user to add the URL to the whitelist.

Application Links are automatically added to the whitelist. You do need to manually add them.

For all of the following procedures, you must be logged in as a user with the Jira Administrators global permission.

Add allowed URLs to the whitelist

  1. Choose > System
  2.  Select Security > Whitelist to open the Whitelist page.

  3. On the Whitelist page, enter the URL or expression you want to allow.
  4. Choose the Type of expression (see Expression Types below for examples).
  5. Choose Allow Incoming if you need to allow CORS requests (see below).
  6. Choose Add

Your URL or expression appears in the whitelist.

To test that your whitelisted URL is working as expected, you can enter a URL in the Test a URL field. Icons will indicate whether incoming or outgoing traffic is allowed for that URL.

Expression types

When adding a URL to the whitelist, you can choose from a number of expression types. 

TypeDescriptionExample
Domain nameAllows all URLs from the specified domain. http://www.example.com
Exact matchAllows only the specified URL. http://www.example.com/thispage
Wildcard ExpressionAllows all matching URLs. Use the wildcard * character to replace one or more characters. http://*example.com
Regular ExpressionAllows all URLs matching the regular expression.http(s)?://www\.example\.com

Allow incoming

Allow Incoming enables CORS requests from the specified origin. The URL must match the format scheme://host[:port], with no trailing slashes (:port is optional). So http://example.com/would not allow CORS requests from the domain example.com.

Disabling the whitelist

The whitelist is enabled by default. You can choose to disable the whitelist however this will allow all URLs, including malicious content, and is not recommended. 

  1. Choose > System
  2.  Select Security > Whitelist to open the Whitelist page.
  3. On the Whitelist page, click the Turn off whitelist button.
  4. Choose Confirm

All URLs will now be allowed. Unless your instance is running in an environment without internet access, we do not recommend disabling the whitelist.

Last modified on Apr 19, 2018

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.