Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Not able to request Jira’s API from a front-end javascript page - CORS

Jeremy Octeau
Jeremy Octeau
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 21, 2020

Hey!

I'm trying to access the Jira's API from an Angular web page but I'm always getting this error: 

Access to XMLHttpRequest at 'https://company.atlassian.net/rest/api/latest/agile/1.0/board?max_results=50' from origin 'https://company.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I read multiple forum threads but I can't find the whitelist option in the Jira administration panel.
How can I fix this issue?
Knowing that my company is using Jira Software (Cloud)

Thank's,
Jeremy


Answer
Watch
Like Be the first to like this
1822 views

1 answer

0 votes
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 22, 2020

Hi @Jeremy Octeau ,

Welcome to the Atlassian Community!

CORS are only supported using OAuth 2.0 (3LO) for apps, while from your URL I can see that you are not using that.

So, in your case, you may want to use something like CORS anywhere to proxy your calls.

For further details on this please see: 

We actually do support CORS requests when using https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/, as your requests will go through api.atlassian.com where token based authentication is the only thing we allow.

For further explanation: The problem why we don’t support CORS directly on your site host/domain is that we accept session based authentication on there, which would then allow any site to make random, authenticated requests to your site.

The alternative is to proxy your requests through your own backend

 

Cheers,
Dario

View More Comments
Jeremy Octeau
Jeremy Octeau
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 28, 2020

Hey @Dario B ,

So I followed the different steps of the documentation you sent me.
I was able to get a code from the OAuth 2.0 (3LO) and then transform it into an access_token by using  POST https://auth.atlassian.com/oauth/token .

I retrieved all the accessible resources with GET /oauth/token/accessible-resources 
and it looks like it's working.

Just one issue: for example when I request

https://api.atlassian.com/ex/jira/{cloud_id}/rest/api/latest/dashboard/search?dashboardName=test&max_results=50

I receive an error: OAuth 2.0 is not enabled for this method.


But when using 

https://api.atlassian.com/ex/jira/{cloud_id}/rest/api/2/dashboard/search?dashboardName=test&max_results=50


It looks like it's working. Am I missing something?

Also, is there a way of getting all the values for the sprints? Which is technically customfield_10020 in my case?

Like
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 29, 2020

Hello @Jeremy Octeau ,

You are not missing anything, you have just hit the below bug:

As you can see the bug has been closed 2 days ago since it didn't get enough traction so far and since it has a very simple workaround: just use either 2 or 3 in REST API endpoints you are calling, do not use "latest".

Please let me know if I should ping the dev team in charge of fixing this bug to ask to have it re-opened.

 

Also, as regarding a way to get all the values for the sprints, this can be done by using the Jira Software Cloud REST API endpoint: 

If this is not what you were looking for please provide more details.

 

Cheers,
Dario

Like
Like
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 19, 2021

Hello @Vlad Nik ,

As the error message says, it is really the case that Oauth2 is not enabled for those REST API endpoints.

Indeed, if you look at the documentation for the Board REST API endpoints, you can see that there is no Oauth scope declared in there:

 

For this reason I have created below feature request some time ago, asking to have Oauth2 enabled also for all the Jira Software Cloud REST API endpoints:

You may want to vote and watch the above feature request so that you will get notified in case of any update. The  feature will be addressed according to the Implementation of New Features Policy.

 

Cheers,
Dario

Like Vlad Nik likes this
Vlad Nik
Vlad Nik
Contributor
March 19, 2021

Thanks, @Dario B 

Like Dario B likes this
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 19, 2021

You are very welcome @Vlad Nik , Have a nice weekend! :) 

Like Vlad Nik likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.