Recently we have developed an application in angular to call (GET request) JIRA Service Desk Cloud API https://channel4.atlassian.net/rest/api/3/search from our domain but we are getting below errors
=========================
from origin 'http://localhost:3001' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
==============================
Can you please ans. the following question
1. Does adding of domin in JIRA Whitelist will resolve the issue ?? If yes how to configure the same in Jira Service Desk Cloud
2. What will be the expected header options to call Jira REST API to avoid CORS ?
3. Angular production build does not support Proxy hence how to resolve this issue ?
4. How to add domin in Jira Service Desk to make a particular domain as safe to call
Regards,
Prosenjit Das
Hi,
I understand that you created an application in Angular in order to interact with Jira Service Desk Cloud APIs, but that in the process of this you are getting a preflight CORS request that is blocked.
This is not something that Jira Cloud's Whitelist/Allowlist will permit. Please see the related thread in https://community.atlassian.com/t5/Jira-questions/CORS-error-with-Jira-REST-API-on-Cloud/qaq-p/1018216 and https://community.developer.atlassian.com/t/cors-error-with-rest-api/27354 These threads explain that in order for these kinds of requests from your localhost site to work, you will need to use the OAuth 2.0 (3LO) for apps guide.
From that second thread:
For further explanation: The problem why we don’t support CORS directly on your site host/domain is that we accept session based authentication on there, which would then allow any site to make random, authenticated requests to your site.
The alternative is to proxy your requests through your own backend
Dario then mentions back on the first thread that some users have used packages such as CORS Anywhere in order to proxy these requests and re-write the CORS headers that way as a different work-around for this problem.
I hope this helps.
Andy
Hi Andy,
I also tried to connect Session based authentication using below URL but seems Jira Cloud does not support session based authentication. Can you please check and suggest if below URL is correct.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Atlassian deprecated cookie based auth and the use of passwords in basic auth last year. The deprecation notice has more details about this in https://developer.atlassian.com/cloud/jira/platform/deprecation-notice-basic-auth-and-cookie-based-auth/
It does note
The following Jira Cloud REST API endpoint will be removed:
That said, it is still possible that you could use basic auth to make REST API calls to Jira Cloud, but you would need to closely follow the guide in https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/
It explains that your account will need to generate an REST API token and then use that token to generate a string of email:token and then base64 encode that string. That encoded string can then be passed in an authorization header as one way to make these calls.
Andy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.