CORS issues with JIRA REST API even after adding to whitelist

Mina April 15, 2016

First of all, I apologize if anything I'm doing may seem extremely stupid (for lack of a better word) or wrong, as I have never developed a plugin before and don't work much in this area. 

I'm attempting to develop a plugin that has a button on a JIRA issue related to a test case and it will kick off a Jenkins build for the particular test case. When trying to use the JIRA REST API, I get errors regarding the CORS headers. I added localhost (since this is where I'm developing the plugin) to JIRA whitelist. I even went as far as to add many different variations since it still wasn't working.

After fixing this issue, I began experiencing authentication issues. The button executes some javascript code so from what I have seen, it doesn't seem like it's really possible to send authentication through javascript. So, I decided to use the auth/1/session login which does: 

Creates a new session for a user in JIRA. Once a session has been successfully created it can be used to access any of JIRA's remote APIs and also the web UI by passing the appropriate HTTP Cookie header.

Note that it is generally preferrable to use HTTP BASIC authentication with the REST API. However, this resource may be used to mimic the behaviour of JIRA's log-in page (e.g. to display log-in errors to a user).

I attempted to do so this way:

var credentials = {"username": "admin", "password": "admin"};
var authURL = "http://localhost:2990/jira/auth/1/session";

var postClient = new XMLHttpRequest();
postClient.open("POST", authURL, false);
postClient.setRequestHeader("Content-type", "application/json");
postClient.send(credentials);

postClient.onreadystatechange = function () {
    if(postClient.readyState == 4) {
        console.log(postClient.responseText);
    }
}

but when I tried this I got:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. 

which is more or less the same, but sort of different I guess. I'm kind of at my witt's end here so, any help is greatly appreciated.

2 answers

0 votes
stevie6410 September 21, 2016

I am also having this issue, have tried adding domains to the whitelist, disabling the whitelist completely and adding CORS filters to tomcat. Restarting the services each time. It appears that the whitelist just dosent work. Tried IPs and domain names. 

Any suggestions on what I could be missing here?

0 votes
dsanchezpillot July 22, 2016

I'm facing the same situation, I even tried to enable CORS in Tomcat and still I get the forbidden response, the whitelist simply doesn't work, I can turn it off completely and still receive the 403 forbidden response. Will keep looking into it and post the results.

Suggest an answer

Log in or Sign up to answer