Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

CORS error with Jira REST API on Cloud

Esther Strom
Esther Strom February 25, 2019

I'm attempting to write a script that will run from my local webserver and get a list of projects on my Jira cloud site. I'm the admin of the Jira site.

I'm trying to call the REST api via a javascript ajax call and getting a CORS error. I've searched here, but all of the solutions seem to be strictly for Jira Server, not cloud, as I have no access to the server itself.

Can anyone help me out?

 

Here's what my code looks like:

<head>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
</head>
<body>
<h1>Add Versions to Projects</h1>
<button id="getProjects">Get Projects</button>


<script>
$(document).ready(function() {


    $('#getProjects').on('click', function () {
        $.ajax({
            type : 'GET',
            url : "https://mysite.atlassian.net/rest/api/3/project/search",
           // dataType : 'json',
            data: {
                contentType: "application/json"
            },
            beforeSend: function (xhr) {
                xhr.setRequestHeader ("Authorization", "Basic <my username:api key");
                xhr.setRequestHeader ("X-Atlassian-Token", "no-check");
                //xhr.setRequestHeader ("Access-Control-Allow-Origin", "*");
                xhr.setRequestHeader ("Accept", "*/*");
                xhr.setRequestHeader ("Cache-Control", "no-cache");

            },
            success: function (data) {
                console.log("data");
                console.log(data);
            }
        });
    // return false;
    });

});

</script>

</body>

 

Here's the error I get:

"Access to XMLHttpRequest at 'https://mysite.atlassian.net/rest/api/3/project/search?contentType=application%2Fjson' from origin 'https://local.jiradev.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

 

Note that if I run the exact same URL with the same Basic authentication header from WebStorm's REST Client, I get my expected data in the response. (See screenshot.)

rest.png

Answer
Watch
Like # people like this
20467 views

4 answers

1 accepted

3 votes
Answer accepted
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 11, 2019

Hi @Tal Admon ,

 

This question has actually been answered in the below thread in the Atlassian developer community:

......

 We actually do support CORS requests when using https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/ 15, as your requests will go through api.atlassian.com 2 were token based authentication is the only thing we allow.

For further explanation: The problem why we don’t support CORS directly on your site host/domain is that we accept session based authentication on there, which would then allow any site to make random, authenticated requests to your site.

The alternative is to proxy your requests through your own backend....

.....

 

 

I hope this helps.

 

Cheers,
Dario

 

View More Comments
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 12, 2019

@Tal Admon  In order to provide a bit more details (from the thread: Can I use an app token to access Jira Cloud from a JavaScript fetch?):

 ...

...out-of-the box CORS request are only supported when using OAuth 2.0 (3LO) for apps.

However, there are also ways to achieve this by proxying your requests, for example by using something like:

  • CORS Anywhere  (a NodeJS proxy which adds CORS headers to the proxied request)
...
Like Eduardo Sampaio Muller likes this
Reply
0 votes
Deleted user January 4, 2020

CORS Anywhere works for making get request. However when trying to make post request it will fail with a 404 error. I have not be able to figure out a way around that. 

Reply
0 votes
Mike S
Mike S December 8, 2019

Hi @Esther Strom and @Tal Admon

Have you found a solution? Struggling with the same topic.

Cheers and thx - Mike

View More Comments
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 10, 2019

Have you tried: CORS Anywhere  ? 

Like
Esther Strom
Esther Strom
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 6, 2020

@Mike S - I found a Firefox extension called CORS Everywhere that allows me to run both GET and POST requests without errors. Note that these scripts are both written and used only by me, so I'm willing to take the risk. I wouldn't go this route if I were writing code to be used by others, or trying to run code written by someone else.

Like Dario B likes this
Reply
0 votes
Tal Admon
Tal Admon June 2, 2019

I encounter the exact same issue - any luck finding a solution?

View More Comments
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 10, 2019

Have you tried using CORS Anywhere  as already suggested? 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events