I´m calling JIRA REST API from JavaScript in a Confluence User Macro and I´m facing CORS issues because JIRA and Confluence are on two different domains and preflight request . I have tried several CORS solutions as described below, without any success. So Im begging for some input from others that probably have solved this issue.
AJS.$.ajax({ type: "GET", url: "http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)", dataType: "json", contentType: "application/json", async: false })
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45). This can be fixed by moving the resource to the same domain or enabling CORS.
Access-Control-Allow-Headers:origin, content-type, accept
Access-Control-Allow-Methods:POST, GET, OPTIONS
Access-Control-Allow-Origin:*
Access-Control-Allow-Origin:*
ismar.slomic$ curl -X OPTIONS "http://jira.mydomain.com/rest/api/latest/search/?jql=issue in issueLink(SR-55)" -v * Trying 10.107.1.24... * Connected to jira.mydomain.com (127.0.0.1) port 80 (#0) > OPTIONS /rest/api/latest/search/?jql=issue in issueLink(SR-55) HTTP/1.1 > Host: jira.mydomain.com > User-Agent: curl/7.43.0 > Accept: */* > * Empty reply from server * Connection #0 to host jira.mydomain.com left intact curl: (52) Empty reply from server
This seems to be positive response.
OPTIONS http://jira.mydomain.com/rest/api/latest/search/?jql=issue in issueLink(SR-55)
Response error: Could not get any response. This seems to be like an error connecting to http://jira.mydomain.com/rest/api/latest/search/?jql=issue in issueLink(SR-55)
I had the exact same problem with my Angular application connection to JIRA REST Api.
GET request wasnt the problem - Access Control Header were correct there.
The problem is that response for OPTIONS (preflight) request doesnt contain Access-Control-Accept-Origin header.
I guess because JIRA application doesnt run on OPTIONS request and cant return the origins from whitelist at this point.
I worked around this issue by configuring the following on the Apache VirtualHost which has ProxyPass to Tomcat:
SetEnvIf Request_Method "OPTIONS" IS_OPTIONS_REQUEST
Header add Access-Control-Allow-Origin: "http://localhost:4200" env=IS_OPTIONS_REQUEST
Header add Access-Control-Allow-Methods: "POST, GET, OPTIONS" env=IS_OPTIONS_REQUEST
Header add Access-Control-Allow-Headers: "authorization,content-type" env=IS_OPTIONS_REQUEST
This way i define the nessesary CORS headers on OPTIONS request. Please keep the condition and done make your server respond with this headers on GET, because JIRA will add its own Access-Control-Allow-Origin Header on GET and thus it would be doubled.
Then your browser would complain about "Only one Access-Control-Allow-Origin header is allowed on Response headers.
This entirely solves my problem. Thinking about making the value a wildcard now to dont need to maintain the value. GET will anyway contain the values from whitelist.
Cheers Ben
If i run a normal plugin with a REST api where do I have to write this? Which directory and which file.
Info: I did nothing special to the server, normal localhost running on tomcat.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I tried get rest data from JIRA in JS.
baseUrl = "https://url"; var response = httpGet("/rest/..., baseUrl); function httpGet(theUrl, baseUrl) { var xmlHttp = new XMLHttpRequest(); xmlHttp.open( "GET", theUrl, false ); // false for synchronous request xmlHttp.setRequestHeader('Access-Control-Allow-Origin', baseUrl); xmlHttp.send( null ); return xmlHttp.responseText; }
REMOVE base url from link make browser to substitute it himself and not touch Access-Control exception
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can do it through applinks path. Please see Philip's answer: https://answers.atlassian.com/questions/209914
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This link is broken :(
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.