How do you add whitelists in JIRA

jacob.blackwell November 22, 2019

I want to be able to request data from my JIRA (https://domain.atlassian.com) via JavaScript running on my SharePoint site (//InternalDomain/) but have been getting blocked due to the cross-domain nature of this request:

Access to XMLHttpRequest at 'http://domain.atlassian.net/rest/agile/1.0/1/backlog?startAt=0&maxResults=15' from origin 'http://InternalDomain' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

Based on all my research there should be a white-list option in the general settings of JIRA. I can't find it nor can any other of my admins. (I am a system admin myself.) The closest I can find for an explanation is doing it in Confluence:
https://confluence.atlassian.com/doc/configuring-the-whitelist-381255821.html

However, those steps do not work, in Confluence or JIRA or anywhere else I have looked.
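
The browser-side check behind the error quoted in the question, as an added example that is not part of the original post: it models how a preflight response is judged and why a redirect fails before any allowlist is consulted. The sample responses are constructed, and the `Authorization` request header that triggers the preflight is an assumption.

```javascript
// Added example (constructed responses, not captured from Jira): how a browser judges a CORS preflight.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

function checkPreflight(request, response) {
  // The preflight must be answered directly with a 2xx; a redirect is fatal.
  if (response.status >= 300 && response.status < 400) {
    return "blocked: redirect is not allowed for a preflight request";
  }
  if (response.status < 200 || response.status > 299) {
    return "blocked: preflight did not return an OK status";
  }
  const h = {};
  for (const [k, v] of Object.entries(response.headers)) h[k.toLowerCase()] = v;
  const list = (n) => (h[n] || "").split(",").map((s) => s.trim()).filter(Boolean);
  // Origin: exact match, or "*" for requests sent without credentials.
  const allowOrigin = h["access-control-allow-origin"];
  const anyOrigin = allowOrigin === "*" && !request.credentials;
  if (!anyOrigin && allowOrigin !== request.origin) {
    return "blocked: origin is not allowed";
  }
  if (request.credentials && h["access-control-allow-credentials"] !== "true") {
    return "blocked: credentials are not allowed";
  }
  // Method: safelisted methods need no explicit grant.
  const methods = list("access-control-allow-methods");
  const anyMethod = methods.includes("*") && !request.credentials;
  if (!SAFELISTED_METHODS.has(request.method) && !anyMethod &&
      !methods.includes(request.method)) {
    return "blocked: method is not allowed";
  }
  // Headers: "*" never covers Authorization, which must be listed by name.
  const allowed = list("access-control-allow-headers").map((s) => s.toLowerCase());
  for (const name of request.headers.map((s) => s.toLowerCase())) {
    const covered = allowed.includes(name) ||
      (allowed.includes("*") && !request.credentials && name !== "authorization");
    if (!covered) return `blocked: header ${name} is not allowed`;
  }
  return "allowed";
}

// Origin string as shown in the question; the Authorization header is an assumption.
const request = { origin: "http://InternalDomain", method: "GET", headers: ["Authorization"], credentials: false };
const redirected = { status: 301, headers: { Location: "https://example.invalid/" } };
const noCorsHeaders = { status: 200, headers: {} };
const allowlisted = { status: 204, headers: {
  "Access-Control-Allow-Origin": "http://InternalDomain",
  "Access-Control-Allow-Headers": "Authorization" } };
for (const r of [redirected, noCorsHeaders, allowlisted]) console.log(checkPreflight(request, r));
```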

Answer accepted
Petter Gonçalves
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 25, 2019

Hello Jacob,

Welcome to Atlassian Community. Sorry to hear you are facing this problem.

I see that you have tagged this question with JIRA Cloud. Is this the environment you have?

If that's correct, I can confirm to you that the whitelist option you are looking for is only available for JIRA Server application, which is the one related in the documentation you provided.

For Jira Cloud, the domain whitelist is not available yet for security reasons. We haven't yet been able to spend time developing a pattern for supporting this in JIRA Cloud, but we do intend to work on this at some point in the future. You can see a detailed explanation about this in the feature request below:

Allow cross-domain requests for CORS 

That being said, a change was applied in api.atlassian.com that includes CORS for calls using (3LO) access tokens, although it does not accept "Implicit grant flow":

OAuth 2.0 (3LO) currently supports the code grant flow only. It does not support the implicit grant flow. We understand that this is preventing people from using OAuth 2.0 (3LO) for standalone mobile apps and web/JavaScript (Chrome, Electron) apps and we are investigating ways to address this.

Please take a look at the documentation below to check if there are any other options you can use to achieve what you need:

OAuth 2.0 (3LO) for apps

Let us know if you have any questions.

jacob.blackwell December 3, 2019

So for that OAuth, it looks like each user would have to have a JIRA license, we want to expose data to stakeholders that have no business having a JIRA license. :(

Answer accepted
Earl McCutcheon
Atlassian Team
November 25, 2019

Hello @jacob.blackwell ,

The Whitelist options in the KB you linked are for the self-hosted Server platform only and not possible in the cloud platform at this time. Some additional details can be seen in the feature request below, noting in specific the portion of the description:

Unfortunately, this domain whitelist is not available in JIRA Cloud for security reasons. We haven't yet been able to spend time developing a pattern for supporting this in JIRA Cloud, but we do intend to work on this at some point in the future.

I have updated the issue summary to more accurately reflect the current status of this feature.

As for SharePoint integration, this is something that is also heavily Server platform contingent as well, and there was a recent SharePoint Dev Blog (Viewable here) detailing roll out plans for increased integrations to Jira Server but no news relating to Jira cloud integration. So I was not able to locate any information available on any Jira Cloud and SharePoint integration plans from Microsoft.

I did a search in the Atlassian Marketplace for SharePoint on Jira cloud applications and the app "Zipboard For Jira" is noted as having SharePoint options; however, I am not sure at what level, but I would recommend checking if it would fit your needs.

Regards,
Earl
