Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

jQuery ajax post not working, authorization error...

Breno Pimentel Lucena
Breno Pimentel Lucena
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 29, 2018

Hi guys,

 

I´ve been trying to create an "JIRA Issue" via jquery ajax (cross domain).

I don't want to use cors.

Here follows my code:

$("#buttonPost").click(function () {
 $.ajax({
 type: "POST",
 dataType: "json",
 crossDomain: true,
 processData: false,
 url: inputUrl,
 data: JSON.stringify(inputData),
 headers: {
 'Content-Type': 'application/json',
 'Authorization': 'Basic *********',
 'X-Atlassian-Token': 'no-check',
 'Access-Control-Allow-Origin': '*'
 },
 success: function (response) {
 $("#divPostResults").append(JSON.stringify(response));
 },
 error: function (error) {
 $("#divPostResults").append(JSON.stringify(error));
 }
 });
 });

 PS: Authorization token was erased.

 

TEST RESULTS:

 

REQUEST HEADER

OPTIONS https://********:8443/rest/api/2/issue HTTP/1.1
Host: altdev.altitude.com:8443
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://localhost:52193
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36
Access-Control-Request-Headers: access-control-allow-origin,authorization,content-type,x-atlassian-token
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es-ES;q=0.8,es;q=0.7,fr-FR;q=0.6,fr;q=0.5,de-DE;q=0.4,de;q=0.3,pt-BR;q=0.2,pt;q=0.1,pt-PT;q=0.1

RESPONSE HEADER:

HTTP/1.1 200
X-AREQUESTID: 739x2175x1
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-ASEN: SEN-7187215
Set-Cookie: atlassian.xsrf.token=B04D-2SOY-GV2A-7GH5|c8b0b46c2a5fb658f8934b91aa120672832acb80|lout;path=/;Secure
X-AUSERNAME: anonymous
Cache-Control: no-cache, no-store, no-transform
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Date: Tue, 29 May 2018 11:19:03 GMT

ERROR:

Failed to load https://*************:8443/rest/api/2/issue: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:52193' is therefore not allowed access.

 

Again, I just want to create a new issue on a specific project, using my authorization token.

I´ll be glad if someone help me with it, it´s been a long and hard situation.

Thank you in advance.

Breno.

Answer
Watch
Like Be the first to like this
13906 views

1 answer

1 accepted

1 vote
Answer accepted
J van Leeuwen
J van Leeuwen
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 9, 2019

Hi Breno, 

A little bit late but posting this with the hopes that you were able to resolve this and the information will help someone else. 

This is a security feature of web browsers called Same Origin Policy. You cannot make an AJAX call to a URL that is on a different domain than where the JavaScript was loaded from (ie. has the "same origin").

There are a number of ways to work around this, the two most common ones are:

  1. Serve your JavaScript from the remote server, instead of the host server.
  2. Make the remote server respond with the correct Cross Origin Resource Sharing ("CORS")headers that will let the browser relax this security policy.

While I see that you do not want to use CORS, please note for CORS, you'll need to configure Jira's whitelist: Configuring the whitelist. More information on this topic can be found in another community post: Rest call to Jira in Jquery results in error No Access Control

Jennifer 

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events