Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Odd CORS error querying JIRA REST API

mark-norgate
mark-norgate June 23, 2016

I am trying to develop a D3 visualisation project for our JIRA boards, but I've fallen at the first hurdle. I'm having trouble authenticating and getting a list of JIRA boards.

This code is entirely client-side and is in Angular 2 RC 3. My service looks like this:

public authenticate( username:string, password:string ):void {
    let encodedAuth:string = window.btoa( `${username}:${password}` );
    this.headers = new Headers();
    this.headers.append( 'Content-Type', 'application/json' );
    this.headers.append( 'Authorization', `Basic ${encodedAuth}` );
}
public getAllBoards():Observable<Boards> {
    return this.http.get( `http://${this.host}/rest/agile/1.0/board`, this.headers )
        .map( response => response.json() as Boards )
}

and the code in my component looks like this:

constructor( protected jiraService:JIRAService ) {
    this.jiraService.authenticate('me@you.com', 'password');
    this.jiraService.getAllBoards().subscribe(
        boards => this.boards = boards
    );
}

Unfortunately, this generates what looks like a CORS error in my browser:

XMLHttpRequest cannot load https://myjira.atlassian.net/rest/agile/1.0/board. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 401.

...which is a little unexpected. This same URL used directly in the browser, or in Postman, works fine and returns a list of boards. Examining the request in Charles I see the error "SSL Proxying not enabled for this host: enable in Proxy Settings, SSL locations", but cannot actually find this setting. I don't care if I can't see it in Charles actually, I just want to get it working!

I have tried several of the npm JIRA packages but none of them are remarkable and seem to be designed for server-side development.

Any help greatly appreciated. I have asked this question on StackOverflow, but the responses were not helpful.

Answer
Watch
Like Andreas Ebert likes this
3190 views

3 answers

Reply
0 votes
8 BIT Avenue
8 BIT Avenue
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 6, 2016

Regarding the error: SSL Proxying not enabled for this host: enable in Proxy Settings, SSL locations

You can refer to the following post to resolve that in case you want to enable SSL proxying

http://www.8bitavenue.com/2015/05/debugging-ios-and-android-ssl-connections-using-charles-proxy/

Reply
0 votes
Petar Petrov _Appfire_
Petar Petrov (Appfire)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 23, 2016

Are you developing an Atlassian Connect add-on? If yes, then your code is violating the same-origin policy because your code is actually loaded from a different domain than the host JIRA.

In order to make requests to the host JIRA without requiring CORS, you need to use the Request module as described in the documentation.

It is completely normal for the URL to return results when directly invoked in a browser, because in this case the same-origin policy is not violated - there is no code from other domain being executed in the browser - the browser is directly executing the REST request.

View More Comments
mark-norgate
mark-norgate June 23, 2016

Ok, I'm not entirely convinced if what I'm writing qualifies as a Connect add-on: I am writing a web app that will (hopefully!) query JIRA somehow - I thought over the REST API - and display pretty graphs based on key data. This web app will sit on my company's own domain, not the JIRA domain. It is an entirely separate app and will not slot into the JIRA website.

Am I living in a fantasy land? Is this not possible? A piece of understanding that is missing in this respect I why it is possible to request over the REST API directly in a browser, by typing the API URL into the browser; but you can't do it in code. What on earth is the difference from a security point of view, or is Atlassian's motivation for disabling this not a security consideration?

I shall read the documentation link provided, thanks for that.

Like
Petar Petrov _Appfire_
Petar Petrov (Appfire)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 24, 2016

This is not something which Atlassian did - this is basic browser security. Among other things, the same-origin policy prevents unauthorized cookie-based authentication.

Anyway, if you have administrative privileges in JIRA, you can whitelist the domain of the application making the REST call, to enable CORS - go to System->Whitelist and add the origin URL.

Like
vikram jeet singh
vikram jeet singh
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 17, 2017

Hi Petar,
I am also getting the same issue as mentioned above by Mark and even after enable CORS from adding whitelist, it doesn't work. 

Here is my code, simple ajax request:

var username = "******";
    var password = "******";


    $.ajax({
        url: "https://jiradomain.com/rest/auth/1/session",
        type: 'GET',
        contentType: 'application/json',
        crossOrigin: true,
        beforeSend: function(xhr) {
            xhr.setRequestHeader("Authorization", "Basic " + window.btoa(username + ":" + password));
        },
        error: function(error) {
            console.log(error);
        },
        success: function(data) {
            console.log(data);
        }
    });

 

Some of other guys also faced same issue:
https://community.atlassian.com/t5/JIRA-questions/CORS-issues-with-JIRA-REST-API-even-after-adding-to-whitelist/qaq-p/209789

Please help us we are not able to move ahead as we stuck at first step.
Thanks

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.