i am developing a react application with a java backend; right now i need a way to integrate with Jira Software Cloud. I need to create tickets via REST API call directly from front-end.
When i try to make a POST request it shows me CORS policy error. I have searched the internet and found out that there is a way to whitelist domain, but this is possible only in Jira Server.
My question is: is there a way to avoid CORS block when making a POST request from React front-end to Jira Software Cloud? Can i avoid use of backend?
Ciao @Raffaele Messina ,
Welcome to the Atlassian Community!
As you can read in the below thread in the developers community CORS are only supported when using Oauth2 in Jira Cloud:
We actually do support CORS requests when using https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/, as your requests will go through api.atlassian.com where token based authentication is the only thing we allow.
For further explanation: The problem why we don’t support CORS directly on your site host/domain is that we accept session based authentication on there, which would then allow any site to make random, authenticated requests to your site.
The alternative is to proxy your requests through your own backend
Therefore, you have 2 options:
I hope this helps.
Finally, for the future, please notice that this is not the best place to get help on development related questions. The right resources are listed in https://developer.atlassian.com/resources.
i read the documentation about OAuth2 (3LO), and from what i've understood, the user must be prompted with a screen where he basically logs in; in my case i am in a Java backend, and i can't display user a new page where to authenticate.
is it possible to use OAuth2 3LO without the need of user interaction?
i don't know why but in the java client my POST always gets the error "please specify a valid project id or key", while the same POST request, sent via Postman gives me a success and create the tickets on my poject.
The payload is the same, and the Authentication method is Basic Auth (email:api_key 64encoded)
Your understanding is correct. Therefore, in your case, use a CORS proxy like the one already mentioned or you may also want to review:
As per the error with your java client, you can proceed as it follows:
I hope this helps.
Hello Community! Quick disclaimer: We are running a contest on Community (The Atlympics!) from July 23rd - August 8th of 2021. If you are interested in participating in this contest (prizes! ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events