Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

CORS error with Jira REST API on Cloud Edited

I'm attempting to write a script that will run from my local webserver and get a list of projects on my Jira cloud site. I'm the admin of the Jira site.

I'm trying to call the REST api via a javascript ajax call and getting a CORS error. I've searched here, but all of the solutions seem to be strictly for Jira Server, not cloud, as I have no access to the server itself.

Can anyone help me out?

 

Here's what my code looks like:

<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
</head>
<body>
<h1>Add Versions to Projects</h1>
<button id="getProjects">Get Projects</button>


<script>
$(document).ready(function() {


$('#getProjects').on('click', function () {
$.ajax({
type : 'GET',
url : "https://mysite.atlassian.net/rest/api/3/project/search",
// dataType : 'json',
data: {
contentType: "application/json"
},
beforeSend: function (xhr) {
xhr.setRequestHeader ("Authorization", "Basic <my username:api key");
xhr.setRequestHeader ("X-Atlassian-Token", "no-check");
//xhr.setRequestHeader ("Access-Control-Allow-Origin", "*");
xhr.setRequestHeader ("Accept", "*/*");
xhr.setRequestHeader ("Cache-Control", "no-cache");

},
success: function (data) {
console.log("data");
console.log(data);
}
});
// return false;
});

});

</script>

</body>

 

Here's the error I get:

"Access to XMLHttpRequest at 'https://mysite.atlassian.net/rest/api/3/project/search?contentType=application%2Fjson' from origin 'https://local.jiradev.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

 

Note that if I run the exact same URL with the same Basic authentication header from WebStorm's REST Client, I get my expected data in the response. (See screenshot.)

rest.png

4 answers

1 accepted

2 votes
Answer accepted

Hi @Tal Admon ,

 

This question has actually been answered in the below thread in the Atlassian developer community:

......

 We actually do support CORS requests when using https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/ 15, as your requests will go through api.atlassian.com 2 were token based authentication is the only thing we allow.

For further explanation: The problem why we don’t support CORS directly on your site host/domain is that we accept session based authentication on there, which would then allow any site to make random, authenticated requests to your site.

The alternative is to proxy your requests through your own backend....

.....

 

 

I hope this helps.

 

Cheers,
Dario

 

Dario B Atlassian Team Jun 12, 2019

@Tal Admon  In order to provide a bit more details (from the thread: Can I use an app token to access Jira Cloud from a JavaScript fetch?):

 ...

...out-of-the box CORS request are only supported when using OAuth 2.0 (3LO) for apps.

However, there are also ways to achieve this by proxying your requests, for example by using something like:

  • CORS Anywhere  (a NodeJS proxy which adds CORS headers to the proxied request)
...

I encounter the exact same issue - any luck finding a solution?

Dario B Atlassian Team Dec 10, 2019

Have you tried using CORS Anywhere  as already suggested? 

Hi @Esther Strom and @Tal Admon

Have you found a solution? Struggling with the same topic.

Cheers and thx - Mike

Dario B Atlassian Team Dec 10, 2019

Have you tried: CORS Anywhere  ? 

Esther Strom Community Leader Jan 06, 2020

@Mike S - I found a Firefox extension called CORS Everywhere that allows me to run both GET and POST requests without errors. Note that these scripts are both written and used only by me, so I'm willing to take the risk. I wouldn't go this route if I were writing code to be used by others, or trying to run code written by someone else.

Like Dario B likes this

CORS Anywhere works for making get request. However when trying to make post request it will fail with a 404 error. I have not be able to figure out a way around that. 

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you