Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight

pageflourin July 17, 2017

im not what i did but i have been having error with my front end app communicating with JIRA via REST API. i need to create issues via my app and send a  POST request. but i am really having errors with CORS. i have asked our server techs to add the response headers the webxml as instructed here.

 

https://community.atlassian.com/t5/Answers-Developer-Questions/Cross-Origin-Resource-Sharing-with-JIRA-REST-API-and-Javascript/qaq-p/484801

 

and other resources. but they didnt work my jira dev environment is not accessible everytime i update my webxml. i walways get error 404. so we had to refresh the changes. 

 

anyway when i ran the code, i didnt get the usual CORS issue error i have but i had this error in chrome:

 

XMLHttpRequest cannot load https://jira-dev.....org/rest/api/2/issue/. Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.

here is my code:

 

return $.ajax({
url: 'https://jira-dev.cambridge.org/rest/api/2/issue/',
type: "POST",
data: parameters,
contentType: 'application/json',
//contentType: 'application/x-www-form-urlencoded; charset=UTF-8',
dataType: 'JSON',
async: false,
processData: false,
crossDomain: true,
xhrFields: {
withCredentials: true
},
beforeSend: function (xhr) {
xhr.setRequestHeader('Authorization', 'basic: '+make_base_auth(username, password));

},
error: function (errmsg) {
//console.log('error ocured:' + errmsg.statusText);
return errmsg;
},
success: function (text) {
//console.log(text);
return text;
},

 

1 answer

0 votes
Robert Krause
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 23, 2018

This is related to the messed up CORS implementation by atlassian. If you make something else as a GET request, e.g. (POST, PUT, DELETE) the browser performs a pre-flight request. This is a HEAD request checking if the requested resource allows for the method and specific headers. Unfortunately on a lot of Atlassians products these headers are not set properly. We addressed this by wring a add-on containing a servlet filter for all desired resources that handles pre-flight requests and allows the proper headers.

Suggest an answer

Log in or Sign up to answer