Enable CORS in Bitbucket REST API

I am developing a plugin that provides a REST API. I want to retrieve some data from the API that I provided and display it in a web application on a different URL. So now I need to enable CORS. But I am running into a lot of problems. The code of my API looks like this:

    import javax.ws.rs.core.Response;
    import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;

    public class ProjectResource {

        private ProjectMonitorService service;

        ProjectResource(@ComponentImport ProjectMonitorService service) {
            this.service = service;
        }

        // The CORS headers are attached to the GET response only.
        public Response getMessage() {
            return Response.ok(new ProjectResourceModel("Hell World", ""))
                    .header("Access-Control-Allow-Headers", "Authorization")
                    .header("Access-Control-Allow-Origin", "http://localhost:4200/")
                    .header("Access-Control-Allow-Methods", "OPTIONS, GET")
                    .header("Access-Control-Allow-Credentials", "*")
                    .build();
        }
    }

My client looks like this:

return this.http.get('http://localhost:7990/bitbucket/rest/project/1.0/project', { headers: new HttpHeaders().append('Authorization', 'Basic YWRtaW46YWRtaW4=') });  


OPTIONS http://localhost:7990/bitbucket/rest/project/1.0/project/number
XMLHttpRequest cannot load http://localhost:7990/bitbucket/rest/project/1.0/project/number. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 401

Info: The authentication token is that of the system admin. I tried putting a filter on the server that allows almost everything. The problem that I saw is that the OPTIONS method is not allowed and it is now possible to allow it (unsure). The problem is that the browser sends an OPTIONS preflight request. I have no clue how to enable CORS, so can someone help me?

2 answers

0 votes
Dario Atlassian Team Nov 15, 2017

Have you seen the below documentation page?


Also, not sure it can help, but you can also have a look at:


Finally, in case of no answers in here, it may be a good idea to re-ask the same question in the developers' community:


I hope this helps.



Best Regards,

I'm running into the same or similar problem.  We have configured the server to return

Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, Range, X-Csrftoken, X-Requested-With, Cookie
Access-Control-Allow-Origin: http://{dynamically derived sub-domain:port}

But because the preflight OPTIONS requests are protected by the same authorization rules as the rest of the verbs (GET, POST, etc.), I can only access API results of Repositories that are configured to allow Public Access. The authorization COOKIE is not sent on the preflight, so I get a 401 from the preflight response and an error that the preflight was not completed with a 200 status. However, if I mark the repository as Allow Public cloning, the OPTIONS request returns 200 and the following GET is completed, returning me pull-requests, branches, etc. The COOKIE IS sent on the GET because I do have withCredentials: true.

I believe that the URL permission for Bitbucket should be changed to allow anon for rest/api/* for OPTIONS requests and not have the same URI permissions applied for the remaining projects/{project}/repos/{repo} portion of the URI.

We could hack Apache to always return 200 from options requests, but that seems wrong.
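
Both posts above hit the same wall: the browser sends the preflight OPTIONS request without credentials, so any authentication check that runs first answers 401 and the CORS headers set on the real response are never seen. The sketch below is an added example, not code from either poster or from Bitbucket. It is a plain `javax.servlet` filter that answers preflights for an exact-match origin allowlist and leaves every other request to the normal authenticated chain. The class name and the allowlist value are assumptions, and the filter has to be registered so that it runs ahead of authentication; how that is done in Bitbucket is not shown on this page.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CorsPreflightFilter implements Filter { // hypothetical class name

    // Assumed allowlist. Origins are scheme://host:port with no trailing slash,
    // because the browser compares the header value to its Origin byte for byte.
    private static final Set<String> ALLOWED_ORIGINS =
            Collections.singleton("http://localhost:4200");

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String origin = request.getHeader("Origin");

        // Unknown or missing origins get no CORS headers at all.
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            // The only valid value is the literal "true"; "*" is ignored by browsers.
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.addHeader("Vary", "Origin");

            boolean preflight = "OPTIONS".equals(request.getMethod())
                    && request.getHeader("Access-Control-Request-Method") != null;
            if (preflight) {
                // Answer here, before any authentication filter can return 401.
                response.setHeader("Access-Control-Allow-Methods", "GET, OPTIONS");
                response.setHeader("Access-Control-Allow-Headers", "Authorization");
                response.setStatus(HttpServletResponse.SC_NO_CONTENT);
                return;
            }
        }
        // Real requests (GET, POST, ...) still pass through authentication.
        chain.doFilter(req, res);
    }
}
```

Only the preflight is answered anonymously; the GET that follows is still subject to the repository's permissions, so no data is exposed to unauthenticated callers.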
