Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Enable CORS in JIRA REST API

Ismar_Slomic
Ismar_Slomic November 16, 2015

I´m calling JIRA REST API from JavaScript in a Confluence User Macro and I´m facing CORS issues because JIRA and Confluence are on two different domains and preflight request . I have tried several CORS solutions as described below, without any success. So Im begging for some input from others that probably have solved this issue.

JavaScript snippet that is failing:
AJS.$.ajax({
            type: "GET",
            url: "http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)",
            dataType: "json",
            contentType: "application/json",
            async: false
        })
Error message (from Firefox):
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45). This can be fixed by moving the resource to the same domain or enabling CORS.
JIRA Configuration
  • JIRA Version: 6.4.12
  • Url: http://jira.mydomain.com
  • Running Apache in front (proxy): Yes
    • Response Headers Configuration:
      • Access-Control-Allow-Headers:origin, content-type, accept
      • Access-Control-Allow-Methods:POST, GET, OPTIONS
      • Access-Control-Allow-Origin:*
  • Confluence added to the whitelist: Yes
Confluence Configuration
Tested with browsers:
  • Chrome (latest)
  • Safari (latest)
  • Firefox (latest)

Testing preflight request (OPTIONS) with CURL:
ismar.slomic$ curl -X OPTIONS "http://jira.mydomain.com/rest/api/latest/search/?jql=issue in issueLink(SR-55)" -v
*   Trying 10.107.1.24...
* Connected to jira.mydomain.com (127.0.0.1) port 80 (#0)
> OPTIONS /rest/api/latest/search/?jql=issue in issueLink(SR-55) HTTP/1.1
> Host: jira.mydomain.com
> User-Agent: curl/7.43.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host jira.mydomain.com left intact
curl: (52) Empty reply from server

This seems to be positive response.

Testing preflight request (OPTIONS) with Crome extention Postman:
OPTIONS http://jira.mydomain.com/rest/api/latest/search/?jql=issue in issueLink(SR-55)

Response error: Could not get any response. This seems to be like an error connecting to http://jira.mydomain.com/rest/api/latest/search/?jql=issue in issueLink(SR-55)

Answer
Watch
Like # people like this
29506 views

3 answers

1 vote
Benjamin Rau
Benjamin Rau April 20, 2017

I had the exact same problem with my Angular application connection to JIRA REST Api.

GET request wasnt the problem - Access Control Header were correct there.

The problem is that response for OPTIONS (preflight) request doesnt contain Access-Control-Accept-Origin header.

I guess because JIRA application doesnt run on OPTIONS request and cant return the origins from whitelist at this point.

I worked around this issue by configuring the following on the Apache VirtualHost which has ProxyPass to Tomcat:

SetEnvIf Request_Method "OPTIONS" IS_OPTIONS_REQUEST
Header add Access-Control-Allow-Origin: "http://localhost:4200" env=IS_OPTIONS_REQUEST
Header add Access-Control-Allow-Methods: "POST, GET, OPTIONS" env=IS_OPTIONS_REQUEST
Header add Access-Control-Allow-Headers: "authorization,content-type" env=IS_OPTIONS_REQUEST

This way i define the nessesary CORS headers on OPTIONS request. Please keep the condition and done make your server respond with this headers on GET, because JIRA will add its own Access-Control-Allow-Origin Header on GET and thus it would be doubled.

Then your browser would complain about "Only one Access-Control-Allow-Origin header is allowed on Response headers.

This entirely solves my problem. Thinking about making the value a wildcard now to dont need to maintain the value. GET will anyway contain the values from whitelist.

Cheers Ben

View More Comments
Joel Suter
Joel Suter September 7, 2017

If i run a normal plugin with a REST api where do I have to write this? Which directory and which file.

Info: I did nothing special to the server, normal localhost running on tomcat.

Like
Reply
0 votes
Александр Верзаков
Александр Верзаков
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 8, 2017

I tried get rest data from JIRA in JS.

baseUrl = "https://url";
var response = httpGet("/rest/..., baseUrl);

function httpGet(theUrl, baseUrl)
{
    var xmlHttp = new XMLHttpRequest();
    xmlHttp.open( "GET", theUrl, false ); // false for synchronous request
    xmlHttp.setRequestHeader('Access-Control-Allow-Origin', baseUrl);
    xmlHttp.send( null );
    return xmlHttp.responseText;
}

REMOVE base url from link make browser to substitute it himself and not touch Access-Control exception

 

Reply
0 votes
Volodymyr Krupach
Volodymyr Krupach
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 16, 2015

You can do it through applinks path. Please see Philip's answer: https://answers.atlassian.com/questions/209914

View More Comments
Fernando Bordallo
Fernando Bordallo
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 13, 2020

This link is broken :(

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events