When I make a GET request via Postman to
https://<my-company>.atlassian.net/rest/api/2/search
I get back a list of issues as expected. When try to make the same request in chrome using javascript, I get back an empty response with a 200 status.
Here's my JS:
const token = btoa("<username>:<app token>"); // base64encode basic auth token
const URL = `https://<my-company>.atlassian.net/rest/api/2/search`;
const response = await fetch(URL, {
headers: {
Authorization: `Basic ${token}`
}
});
I am running this from localhost:8080 in case that matters.
If I use an incorrect access token I get a 401 error as expected. If I use an incorrect url I get a 404 as expected. I can only assume it's something to do with CORS, since I'm pointing at the right address, I have correct authentication, and I can get back a response in postman.
How do I successful query issues from Jira cloud using javascript in a browser (not nodejs)?
Hi @Tim Graboski ,
This question has already been answered in the below thread in the Atlassian developer community:
......
We actually do support CORS requests when using https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/ 15, as your requests will go through api.atlassian.com 2 were token based authentication is the only thing we allow.
For further explanation: The problem why we don’t support CORS directly on your site host/domain is that we accept session based authentication on there, which would then allow any site to make random, authenticated requests to your site.
The alternative is to proxy your requests through your own backend....
.....
Also, for the future, you might have better luck asking this kind of questions in the developers' community :)
I hope this helps.
Cheers,
Dario
Thanks for the reply. I totally didn't notice this forum isn't for developers; my bad. If I understand the post, this means I must use the oauth flow for this type of web-based request?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You are very welcome :)
Also, in order to answer your question, you are correct: out-of-the box CORS request are only supported when using OAuth 2.0 (3LO) for apps.
However, there are also ways to achieve this by proxying your requests, for example by using something like:
Please let me know if you have further questions or accept the answer otherwise.
Dario
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Atlassian should make that more clear that browser requests are blocked. Why show us working demos in Postman and Curl, when we really need to do this via JS in the browser in the real word. I am not going to run an app in terminal window. Why tease us with a functionality that doesn't actually exist? Especially after we told our boss it was working in Postman and should be just a little more time before it's working in the app.
Yet if i drop it in the url in the top of the browser it just returns all the data with no checking of password or anything.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Aleksandr Gembinski ,
As already mentioned this is not the right place to discuss development related issues, you should go to the Developers Community instead.
However, as already explained:
The problem why we don’t support CORS directly on your site host/domain is that we accept session based authentication on there, which would then allow any site to make random, authenticated requests to your site.
Most likely there also other ways to achieve your goals and you may want to check possible alternative approaches with the other developers in the Developers Community.
Also, if you can get results by writing the REST API endpoint in the browser address bar there are only 2 possibilities:
If it's none of the above you should provide more details so that we can further investigate.
Cheers,
Dario
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.