-
Suggestion
-
Resolution: Fixed
-
None
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
Hi everyone,
CORS has been supported in the JIRA REST API since JIRA 6.0 for JIRA Server. If you are a JIRA Server customer, simply go to the "Whitelist" section of JIRA Administration and add the domains you wish to request resources from. Note: You must have the System Administrator global permission to access this section of JIRA administration.
Unfortunately, this domain whitelist is not available in JIRA Cloud for security reasons. We haven't yet been able to spend time developing a pattern for supporting this in JIRA Cloud, but we do intend to work on this at some point in the future.
I have updated the issue summary to more accurately reflect the current status of this feature.
Regards,
Dave Meyer
dmeyer@atlassian.com
Product Manager, JIRA Platform
JIRA REST API documentation (http://docs.atlassian.com/jira/REST/latest/#authentication) says: ... if you are using JIRA in a browser you can call REST from Javascript on the page and rely on the authentication that the browser has established.
However it does not work, see my example http://jsfiddle.net/avalez/nCcq9/2/ and others complains: https://answers.atlassian.com/questions/69356/cross-origin-resource-sharing-with-jira-rest-api-and-javascript
Looks like Access-Control-Allow-Origin response header is missing.
CAUTION, to make it really work for remote clients, it's necessary to respond with exact match for host name in Access-Control-Allow-Origin header, see related AMKT-3342 (https://ecosystem.atlassian.net/browse/AMKT-3342).
- relates to
-
JRACLOUD-30371 Allow cross-domain requests for CORS
- Closed
- was cloned as
-
JRASERVER-65362 Allow cross-domain requests for CORS
- Gathering Interest
-
JRASERVER-65499 Allow cross-domain requests for CORS
- Gathering Interest
- is related to
-
JST-196829 Loading...