Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Enable CORS in JIRA REST API

Ismar_Slomic
Ismar_Slomic November 16, 2015

I´m calling JIRA REST API from JavaScript in a Confluence User Macro and I´m facing CORS issues because JIRA and Confluence are on two different domains and preflight request . I have tried several CORS solutions as described below, without any success. So Im begging for some input from others that probably have solved this issue.

JavaScript snippet that is failing:
AJS.$.ajax({
            type: "GET",
            url: "http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)",
            dataType: "json",
            contentType: "application/json",
            async: false
        })
Error message (from Firefox):
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45). This can be fixed by moving the resource to the same domain or enabling CORS.
JIRA Configuration
  • JIRA Version: 6.4.12
  • Url: http://jira.mydomain.com
  • Running Apache in front (proxy): Yes
    • Response Headers Configuration:
      • Access-Control-Allow-Headers:origin, content-type, accept
      • Access-Control-Allow-Methods:POST, GET, OPTIONS
      • Access-Control-Allow-Origin:*
  • Confluence added to the whitelist: Yes
Confluence Configuration
Tested with browsers:
  • Chrome (latest)
  • Safari (latest)
  • Firefox (latest)

Testing preflight request (OPTIONS) with CURL:
ismar.slomic$ curl -X OPTIONS "http://jira.mydomain.com/rest/api/latest/search/?jql=issue in issueLink(SR-55)" -v
*   Trying 10.107.1.24...
* Connected to jira.mydomain.com (127.0.0.1) port 80 (#0)
> OPTIONS /rest/api/latest/search/?jql=issue in issueLink(SR-55) HTTP/1.1
> Host: jira.mydomain.com
> User-Agent: curl/7.43.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host jira.mydomain.com left intact
curl: (52) Empty reply from server

This seems to be positive response.

Testing preflight request (OPTIONS) with Crome extention Postman:
OPTIONS http://jira.mydomain.com/rest/api/latest/search/?jql=issue in issueLink(SR-55)

Response error: Could not get any response. This seems to be like an error connecting to http://jira.mydomain.com/rest/api/latest/search/?jql=issue in issueLink(SR-55)

Answer
Watch
Like # people like this
29873 views

3 answers

1 vote
Benjamin Rau
Benjamin Rau April 20, 2017

I had the exact same problem with my Angular application connection to JIRA REST Api.

GET request wasnt the problem - Access Control Header were correct there.

The problem is that response for OPTIONS (preflight) request doesnt contain Access-Control-Accept-Origin header.

I guess because JIRA application doesnt run on OPTIONS request and cant return the origins from whitelist at this point.

I worked around this issue by configuring the following on the Apache VirtualHost which has ProxyPass to Tomcat:

SetEnvIf Request_Method "OPTIONS" IS_OPTIONS_REQUEST
Header add Access-Control-Allow-Origin: "http://localhost:4200" env=IS_OPTIONS_REQUEST
Header add Access-Control-Allow-Methods: "POST, GET, OPTIONS" env=IS_OPTIONS_REQUEST
Header add Access-Control-Allow-Headers: "authorization,content-type" env=IS_OPTIONS_REQUEST

This way i define the nessesary CORS headers on OPTIONS request. Please keep the condition and done make your server respond with this headers on GET, because JIRA will add its own Access-Control-Allow-Origin Header on GET and thus it would be doubled.

Then your browser would complain about "Only one Access-Control-Allow-Origin header is allowed on Response headers.

This entirely solves my problem. Thinking about making the value a wildcard now to dont need to maintain the value. GET will anyway contain the values from whitelist.

Cheers Ben

View More Comments
Joel Suter
Joel Suter September 7, 2017

If i run a normal plugin with a REST api where do I have to write this? Which directory and which file.

Info: I did nothing special to the server, normal localhost running on tomcat.

Like
Reply
0 votes
Александр Верзаков
Александр Верзаков
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 8, 2017

I tried get rest data from JIRA in JS.

baseUrl = "https://url";
var response = httpGet("/rest/..., baseUrl);

function httpGet(theUrl, baseUrl)
{
    var xmlHttp = new XMLHttpRequest();
    xmlHttp.open( "GET", theUrl, false ); // false for synchronous request
    xmlHttp.setRequestHeader('Access-Control-Allow-Origin', baseUrl);
    xmlHttp.send( null );
    return xmlHttp.responseText;
}

REMOVE base url from link make browser to substitute it himself and not touch Access-Control exception

 

Reply
0 votes
Volodymyr Krupach
Volodymyr Krupach
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 16, 2015

You can do it through applinks path. Please see Philip's answer: https://answers.atlassian.com/questions/209914

View More Comments
Fernando Bordallo
Fernando Bordallo
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 13, 2020

This link is broken :(

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.