CORS issues with JIRA REST API even after adding to whitelist

First of all, I apologize if anything I'm doing may seem extremely stupid (for lack of a better word) or wrong, as I have never developed a plugin before and don't work much in this area. 

I'm attempting to develop a plugin that has a button on a JIRA issue related to a test case and it will kick off a Jenkins build for the particular test case. When trying to use the JIRA REST API, I get errors regarding the CORS headers. I added localhost (since this is where I'm developing the plugin) to JIRA whitelist. I even went as far as to add many different variations since it still wasn't working.

After fixing this issue, I began experiencing authentication issues. The button executes some javascript code so from what I have seen, it doesn't seem like it's really possible to send authentication through javascript. So, I decided to use the auth/1/session login which does: 

Creates a new session for a user in JIRA. Once a session has been successfully created it can be used to access any of JIRA's remote APIs and also the web UI by passing the appropriate HTTP Cookie header.

Note that it is generally preferrable to use HTTP BASIC authentication with the REST API. However, this resource may be used to mimic the behaviour of JIRA's log-in page (e.g. to display log-in errors to a user).

I attempted to do so this way:

var credentials = {"username": "admin", "password": "admin"};
var authURL = "http://localhost:2990/jira/auth/1/session";

var postClient = new XMLHttpRequest();
postClient.open("POST", authURL, false);
postClient.setRequestHeader("Content-type", "application/json");
postClient.send(credentials);

postClient.onreadystatechange = function () {
    if(postClient.readyState == 4) {
        console.log(postClient.responseText);
    }
}

but when I tried this I got:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. 

which is more or less the same, but sort of different I guess. I'm kind of at my witt's end here so, any help is greatly appreciated.

2 answers

I'm facing the same situation, I even tried to enable CORS in Tomcat and still I get the forbidden response, the whitelist simply doesn't work, I can turn it off completely and still receive the 403 forbidden response. Will keep looking into it and post the results.

I am also having this issue, have tried adding domains to the whitelist, disabling the whitelist completely and adding CORS filters to tomcat. Restarting the services each time. It appears that the whitelist just dosent work. Tried IPs and domain names. 

Any suggestions on what I could be missing here?

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published yesterday in Jira

5 ways you can make the most of Jira Software and Bitbucket Cloud

As part of the Bitbucket product team I'm always interested in better understanding what kind of impact the use of our tools have on the way you work. In a recent study we conducted of software devel...

49 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you