Uploaded image for project: 'Jira Cloud (including JIRA Core)'
  1. Jira Cloud (including JIRA Core)
  2. JRACLOUD-30371

Allow cross-domain requests for CORS

    XMLWordPrintable

    Details

    • Feedback Policy:

      Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Description

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      Atlassian Update - 11 January 2017

      Hi everyone,

      CORS has been supported in the JIRA REST API since JIRA 6.0 for JIRA Server. If you are a JIRA Server customer, simply go to the "Whitelist" section of JIRA Administration and add the domains you wish to request resources from. Note: You must have the System Administrator global permission to access this section of JIRA administration.

      Unfortunately, this domain whitelist is not available in JIRA Cloud for security reasons. We haven't yet been able to spend time developing a pattern for supporting this in JIRA Cloud, but we do intend to work on this at some point in the future.

      I have updated the issue summary to more accurately reflect the current status of this feature.

      Regards,

      Dave Meyer
      dmeyer@atlassian.com
      Product Manager, JIRA Platform

      JIRA REST API documentation (http://docs.atlassian.com/jira/REST/latest/#authentication) says: ... if you are using JIRA in a browser you can call REST from Javascript on the page and rely on the authentication that the browser has established.

      However it does not work, see my example http://jsfiddle.net/avalez/nCcq9/2/ and others complains: https://answers.atlassian.com/questions/69356/cross-origin-resource-sharing-with-jira-rest-api-and-javascript

      Looks like Access-Control-Allow-Origin response header is missing.

      CAUTION, to make it really work for remote clients, it's necessary to respond with exact match for host name in Access-Control-Allow-Origin header, see related AMKT-3342 (https://ecosystem.atlassian.net/browse/AMKT-3342).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              agallien@atlassian.com Alex Gallien
              Reporter:
              azhdanov Andriy Zhdanov
              Votes:
              186 Vote for this issue
              Watchers:
              150 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: