Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

CORS ERROR WITH JIRA Service Desk Cloud REST API

PDas
PDas August 24, 2020

Recently we have developed an application in angular to call (GET request) JIRA Service Desk Cloud API https://channel4.atlassian.net/rest/api/3/search from our domain but we are getting below errors

 

=========================

from origin 'http://localhost:3001' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

==============================

Can you please ans. the following question 

 

1. Does adding of domin in JIRA Whitelist will resolve the issue ?? If yes how to configure the same in Jira Service Desk Cloud

 

2. What will be the expected header options to call Jira REST API to avoid CORS ?

 

3. Angular production build does not support Proxy hence how to resolve this issue ?

 

4. How to add domin in Jira Service Desk to make a particular domain as safe to call 

 

 

Regards,

 

Prosenjit Das

Answer
Watch
Like Be the first to like this
1538 views

1 answer

0 votes
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 26, 2020

Hi,

I understand that you created an application in Angular in order to interact with Jira Service Desk Cloud APIs, but that in the process of this you are getting a preflight CORS request that is blocked.

This is not something that Jira Cloud's Whitelist/Allowlist will permit.  Please see the related thread in https://community.atlassian.com/t5/Jira-questions/CORS-error-with-Jira-REST-API-on-Cloud/qaq-p/1018216 and https://community.developer.atlassian.com/t/cors-error-with-rest-api/27354  These threads explain that in order for these kinds of requests from your localhost site to work, you will need to use the OAuth 2.0 (3LO) for apps guide

From that second thread:

For further explanation: The problem why we don’t support CORS directly on your site host/domain is that we accept session based authentication on there, which would then allow any site to make random, authenticated requests to your site.

The alternative is to proxy your requests through your own backend

Dario then mentions back on the first thread that some users have used packages such as CORS Anywhere in order to proxy these requests and re-write the CORS headers that way as a different work-around for this problem.

I hope this helps.

Andy

View More Comments
PDas
PDas August 26, 2020

Hi Andy,

I also tried to connect Session based authentication using below URL but seems Jira Cloud does not support session based authentication. Can you please check and suggest if below URL is correct.

 

https://channel4.atlassian.net/rest/auth/1/session

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 31, 2020

Atlassian deprecated cookie based auth and the use of passwords in basic auth last year.  The deprecation notice has more details about this in https://developer.atlassian.com/cloud/jira/platform/deprecation-notice-basic-auth-and-cookie-based-auth/

It does note

The following Jira Cloud REST API endpoint will be removed:

That said, it is still possible that you could use basic auth to make REST API calls to Jira Cloud, but you would need to closely follow the guide in https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/

It explains that your account will need to generate an REST API token and then use that token to generate a string of email:token and then base64 encode that string.  That encoded string can then be passed in an authorization header as one way to make these calls.

Andy

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events

    See all events