Modify Attachment Security Policy

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Purpose

Modify the Attachment Security Policy to control how attachments are handled within Jira, by either forcing the download of an attachment or displaying it inline.

Solution

The attachment settings can be modified within the Jira configuration.

  1. Navigate to 'Jira Administration -> System'.
  2. Select the 'Edit Settings' button near the top right corner.
  3. Locate the option 'Internet Explorer MIME Sniffing Security Hole Workaround Policy'.
Available Options
  • Insecure: inline display of attachments
  • Secure: forced download of attachments for all browsers
  • Work around Internet Explorer security hole


Attachment viewing security options for cross-site site scripting vulnerabilities present in Internet Explorer 7 and earlier. Use the workaround to reduce the risk of attacks to IE users via attachments. Use download-only mode to sacrifice attachment viewing convenience in all browsers and gain ultimate protection against hostile attachments. See JIRA Security Advisory 2008-08-26


DescriptionModify the Attachment Security Policy
ProductJira
Last modified on Dec 31, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.