It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

CORS error with Jira REST API on Cloud Edited

I'm attempting to write a script that will run from my local webserver and get a list of projects on my Jira cloud site. I'm the admin of the Jira site.

I'm trying to call the REST api via a javascript ajax call and getting a CORS error. I've searched here, but all of the solutions seem to be strictly for Jira Server, not cloud, as I have no access to the server itself.

Can anyone help me out?

 

Here's what my code looks like:

<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
</head>
<body>
<h1>Add Versions to Projects</h1>
<button id="getProjects">Get Projects</button>


<script>
$(document).ready(function() {


$('#getProjects').on('click', function () {
$.ajax({
type : 'GET',
url : "https://mysite.atlassian.net/rest/api/3/project/search",
// dataType : 'json',
data: {
contentType: "application/json"
},
beforeSend: function (xhr) {
xhr.setRequestHeader ("Authorization", "Basic <my username:api key");
xhr.setRequestHeader ("X-Atlassian-Token", "no-check");
//xhr.setRequestHeader ("Access-Control-Allow-Origin", "*");
xhr.setRequestHeader ("Accept", "*/*");
xhr.setRequestHeader ("Cache-Control", "no-cache");

},
success: function (data) {
console.log("data");
console.log(data);
}
});
// return false;
});

});

</script>

</body>

 

Here's the error I get:

"Access to XMLHttpRequest at 'https://mysite.atlassian.net/rest/api/3/project/search?contentType=application%2Fjson' from origin 'https://local.jiradev.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

 

Note that if I run the exact same URL with the same Basic authentication header from WebStorm's REST Client, I get my expected data in the response. (See screenshot.)

rest.png

4 answers

1 accepted

1 vote
Answer accepted

Hi @Tal Admon ,

 

This question has actually been answered in the below thread in the Atlassian developer community:

......

 We actually do support CORS requests when using https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/ 15, as your requests will go through api.atlassian.com 2 were token based authentication is the only thing we allow.

For further explanation: The problem why we don’t support CORS directly on your site host/domain is that we accept session based authentication on there, which would then allow any site to make random, authenticated requests to your site.

The alternative is to proxy your requests through your own backend....

.....

 

 

I hope this helps.

 

Cheers,
Dario

 

@Tal Admon  In order to provide a bit more details (from the thread: Can I use an app token to access Jira Cloud from a JavaScript fetch?):

 ...

...out-of-the box CORS request are only supported when using OAuth 2.0 (3LO) for apps.

However, there are also ways to achieve this by proxying your requests, for example by using something like:

  • CORS Anywhere  (a NodeJS proxy which adds CORS headers to the proxied request)
...

I encounter the exact same issue - any luck finding a solution?

Have you tried using CORS Anywhere  as already suggested? 

Hi @Esther Strom and @Tal Admon

Have you found a solution? Struggling with the same topic.

Cheers and thx - Mike

Have you tried: CORS Anywhere  ? 

@Mike_S - I found a Firefox extension called CORS Everywhere that allows me to run both GET and POST requests without errors. Note that these scripts are both written and used only by me, so I'm willing to take the risk. I wouldn't go this route if I were writing code to be used by others, or trying to run code written by someone else.

Like Dario_Bonotto likes this

CORS Anywhere works for making get request. However when trying to make post request it will fail with a 404 error. I have not be able to figure out a way around that. 

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you