
Enable CORS in Bitbucket REST API

Joel Suter September 8, 2017

I am developing a plugin that provides a REST API. I want to retrieve some data from the API that I provided and display it on a web application on a different URL. So now I need to enable CORS. But I am running into a lot of problems. The code of my API looks like this:

import javax.inject.Inject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;

@Path("/project")
// @CrossOrigin("http://localhost:4200/") is a Spring MVC annotation and has no effect
// on a JAX-RS resource, so it is left out; the CORS headers are set on the Response below.
public class ProjectResource {

    private final ProjectMonitorService service;

    @Inject
    ProjectResource(@ComponentImport ProjectMonitorService service) {
        this.service = service;
    }

    @GET
    @Produces({MediaType.APPLICATION_JSON})
    public Response getMessage() {
        return Response.ok(new ProjectResourceModel("Hell World", ""))
                .header("Access-Control-Allow-Headers", "Authorization")
                // The browser's Origin header carries no trailing slash, so the value
                // must be exactly "http://localhost:4200" to match.
                .header("Access-Control-Allow-Origin", "http://localhost:4200")
                .header("Access-Control-Allow-Methods", "OPTIONS, GET")
                // Allow-Credentials only accepts the literal "true"; "*" is invalid.
                .header("Access-Control-Allow-Credentials", "true")
                .build();
    }
}

My client looks like this:

return this.http.get('http://localhost:7990/bitbucket/rest/project/1.0/project', { headers: new HttpHeaders().append('Authorization', 'Basic YWRtaW46YWRtaW4=') });  

Error:

OPTIONS http://localhost:7990/bitbucket/rest/project/1.0/project/number  XMLHttpRequest cannot load http://localhost:7990/bitbucket/rest/project/1.0/project/number. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 401  

Info: The authentication token is the one of the system admin. I tried putting a filter on the server that allows almost everything. The problem that I saw is that the OPTIONS method is not allowed and it is now possible to allow it (unsure). The problem is that the browser sends an OPTIONS preflight request. I have no clue how to enable CORS, so can someone help me?

2 answers

0 votes
Drew Thompson October 22, 2018

I'm running into the same or similar problem. We have configured the server to return

Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, Range, X-Csrftoken, X-Requested-With, Cookie
Access-Control-Allow-Origin: http://{dynamically derived sub-domain:port}

But because the preflight OPTIONS requests are protected by the same authorization rules as the rest of the verbs (GET, POST, etc.) I can only access API results of repositories that are configured to allow public access. The authorization COOKIE is not sent on the preflight so I get a 401 from the preflight response and an error that the preflight was not completed with a 200 status. However, if I mark the repository as Allow Public cloning, the OPTIONS request returns 200 and the following GET is completed, returning me pull-requests, branches, etc. The COOKIE IS sent on the GET because I do have withCredentials: true.

I believe that the URL permission for Bitbucket should be changed to allow anon for rest/api/* for OPTIONS requests and not have the same URI permissions applied for the remaining projects/{project}/repos/{repo} portion of the URI.


We could hack Apache to always return 200 from options requests, but that seems wrong.

0 votes
Dario B
Atlassian Team
November 15, 2017

Have you seen the below documentation page?


Also, not sure it can help, but you can also have a look at:


Finally, in case of no answers in here it may be a good idea to re-ask the same question into the developers' community:


I hope this helps.

Best Regards,
Dario
