Configuring the whitelist

Owned by Alex
Last updated: Sept 30, 2019
1 min read

We don't recommend disabling whitelisting

Disabling whitelist will make your server susceptible to SSRF attacks.

Content of response won't be available, but kinds of network discovery attacks are possible.

 

Whitelisting is necessary in order to allow your users to subscribe to calendars of only certain Domains/Url, this allows you to clearly limit subscription only web-resources trusted by you.

For all of the following procedures, you must be logged in as a user with the JIRA Administrators global permission.

 

Add allowed URLs to the whitelist

  1. Choose > Manage apps.

  2. Select DOITBETTER CALENDAR > Subscriptions settings> Whitelist to open the Whitelist page.

  3. On the Whitelist page, enter the URL or expression you want to allow.

  4. Choose the Type of expression (see Expression Types below for examples).

  5. Choose Save.

 

Your URL or expression appears in the whitelist.

To test that your whitelisted URL is working as expected, you can subscribe to any calendars on trusted URL. Do it as described here.