JIRA REST API v3 returns 415 on OPTIONS method

Joel Kinzel May 2, 2024

I'm attempting to hit the JIRA Cloud REST API v3 in a React application in order to automate some reports for my team. I am using the native fetch to make the call.

However, the pre-flight OPTIONS request that gets sent is returning a 415. I have the content type set to "application/json" (as well as the "accepts"). 

I more or less copied the NodeJS example from  the docs (swapping out for things within my Jira instance of course): https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issue-search/#api-rest-api-3-search-post 

Any thoughts on what steps I could try next?

3 answers

1 accepted

0 votes
Answer accepted
Joel Kinzel May 9, 2024

I was able to figure out what was happening. I am using create react app and http-proxy-middleware (per the CRA docs). HPM forwards all headers and because there is a User-Agent header attached to the POST request, Atlassian REST was rejecting it (even though the request was coming from Node and not the browser). I removed the User-Agent header and the request was able to complete.  

For those curious or running into a similar situation here is the code, specifically for http-proxy-middleware. 

target: JIRA_REST_URI,
changeOrigin: true,
logger: console,
proxyReq.setHeader('Authorization', `Basic ${Buffer.from(process.env.REACT_APP_JIRA_API_IDENTITY+':'+process.env.REACT_APP_JIRA_API_TOKEN).toString('base64')}`);


0 votes
Joel Kinzel May 3, 2024

See response below

0 votes
Francis Batilo
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 2, 2024

Hey @Joel Kinzel ,

From the error code, it seems that your authorisation and connection is there, however, it seems like the payload format isn't recognised. If you're using json, then is more often than not, likely a case of a single quote to double quotes problem. But I'm not sure.  Can you copy your code here but truncate any references to your Jira instance. I want to check it.

Joel Kinzel May 3, 2024

Thanks Francis, I copied the code from the example. I've confirmed that the API key is being properly loaded in the call. As I mentioned, the issue appears to be the pre-flight OPTIONS request that Chrome sends. It returns a 415 and thus the POST never actually fires. I have tried adding "mode: cors" and "mode: no-cors" but those don't work either. Here is the fetch code:

const res = await fetch('https://acmeco.atlassian.net/rest/api/3/search', {
method: 'POST',
mode: "cors",
headers: {
'Authorization': `Basic ${Buffer.from('jkinzel@acmeco.com:'+process.env.REACT_APP_JIRA_API_TOKEN).toString('base64')}`,
'Accept': 'application/json',
'Content-Type': 'application/json'
body: `{
"expand": [
"fields": [
"fieldsByKeys": false,
"jql": "project = \"AMP\"",
"maxResults": 15,
"startAt": 0

Here is the error I'm getting in the Chrome Developer Tools:

Access to fetch at 'https://acmeco.atlassian.net/rest/api/3/search' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Setting the request to "no-cors" won't work though because that prevents setting the "Content-Type" header. 

As I understand it, the API needs additional configuration to include the Allow-Origin Header mentioned above included with the OPTIONS response.

Suggest an answer

Log in or Sign up to answer
Site Admin
AUG Leaders

Atlassian Community Events