Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Retrieving a file from bitbucket REST API v2.0

petrvich
petrvich
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 12, 2018

Hi,

I have created simple page to download file from bitbucket (I have a pipeline which at the end of process upload file to repository download page).

 

My problem is when try to download file from angular page (I'm using api https://developer.atlassian.com/bitbucket/api/2/reference/resource/repositories/%7Busername%7D/%7Brepo_slug%7D/downloads/%7Bfilename%7D).

 

After creating GET request to api, the error response reason is 'Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.'

As a part of error message is a link to amazon AWS cloud - when I click on the link download file will start.

 

Could you please help me? 

 

Here is log from my browser ..

Screenshot from 2018-12-13 08-48-26.png

Answer
Watch
Like Be the first to like this
1515 views

1 answer

0 votes
Stephen Sifers
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 17, 2018

Hello Petr and welcome to the Community!

It looks as though you have a very solid workflow and automation process going on. The error you are running into is due to the Bitbucket CORS. The simple resolution would be to add a header on your call to include;

Access-Control-Allow-Origin: *

Additional information can be found at: Cors and hypermedia

And the source of CORS (Cross-Origin Resource Sharing).

If you’re still running into an issue, please let us know.

Regards,
Stephen Sifers

View More Comments
petrvich
petrvich
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 17, 2018

Hi Stehen,

thank you for your answer and invitation.

it looks help, but the file is not possible to download yet. At this time I get another error. I have try to add Access-Control-Allow-Origin to Access-Control-Allow-Headers but it not help.

has been blocked by CORS policy: Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response.

Thanks for any help.

Petr

Like
Stephen Sifers
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 18, 2018

Hello Petr,

I don't the know the exact answer to this. I did find there is another forum which seems to cover the same issue you're running into. Here is a summary to the responses (Please note these are not my answers):

Response 1;

When you start playing around with custom request headers you will get a CORS preflight. This is a request that uses the HTTP OPTIONS verb and includes several headers, one of which being Access-Control-Request-Headers listing the headers the client wants to include in the request.

You need to reply to that CORS preflight with the appropriate CORS headers to make this work. One of which is indeed Access-Control-Allow-Headers. That header needs to contain the same values the Access-Control-Request-Headers header contained (or more).

https://fetch.spec.whatwg.org/#http-cors-protocol explains this setup in more detail.

Response 2;

This is what you need to add to make it work.

response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT"); response.setHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");

The browser sends a preflight request (with method type OPTIONS) to check if the service hosted on the server is allowed to be accessed from the browser on a different domain. In response to the preflight request if you inject above headers the browser understands that it is ok to make further calls and i will get a valid response to my actual GET/POST call. you can constraint the domain to which access is granted by using Access-Control-Allow-Origin", "localhost, xvz.com" instead of * . ( * will grant access to all domains)

Source forum where responses are posted: https://stackoverflow.com/questions/32500073/request-header-field-access-control-allow-headers-is-not-allowed-by-itself-in-pr

The answers in this reply are not my own nor Atlassian, they are referenced answers from a stackoverflow.com forums. Sources have been linked to where the posts were found.

Regards,
Stephen Sifers

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security