-
Suggestion
-
Resolution: Unresolved
-
None
-
5
-
4
-
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
Hi everyone,
CORS has been supported in the JIRA REST API since JIRA 6.0 for JIRA Server. If you are a JIRA Server customer, simply go to the "Whitelist" section of JIRA Administration and add the domains you wish to request resources from. Note: You must have the System Administrator global permission to access this section of JIRA administration.
Unfortunately, this domain whitelist is not available in JIRA Cloud for security reasons. We haven't yet been able to spend time developing a pattern for supporting this in JIRA Cloud, but we do intend to work on this at some point in the future.
I have updated the issue summary to more accurately reflect the current status of this feature.
Regards,
Dave Meyer
dmeyer@atlassian.com
Product Manager, JIRA Platform
JIRA REST API documentation (http://docs.atlassian.com/jira/REST/latest/#authentication) says: ... if you are using JIRA in a browser you can call REST from Javascript on the page and rely on the authentication that the browser has established.
However it does not work, see my example http://jsfiddle.net/avalez/nCcq9/2/ and others complains: https://answers.atlassian.com/questions/69356/cross-origin-resource-sharing-with-jira-rest-api-and-javascript
Looks like Access-Control-Allow-Origin response header is missing.
CAUTION, to make it really work for remote clients, it's necessary to respond with exact match for host name in Access-Control-Allow-Origin header, see related AMKT-3342 (https://ecosystem.atlassian.net/browse/AMKT-3342).
- duplicates
-
JRASERVER-59101 Jira doesn't support preflighted requests for CORS
-
- Closed
-
- is cloned from
-
- Closed
- is duplicated by
-
- Gathering Interest
- links to
[JRASERVER-65362] Allow cross-domain requests for CORS
+1
I'd like to make my own multi-app dashboard, but I can't integrate Jira with it because of the CORS error. It'd be really helpful if this worked with basic auth
Using OAuth 2.0 (3LO) flow, I get a code, exchange it for a token, and use it in the Authorization header for requests on api.atlassian.com from the browser. Results:
- endpoint /me works as expected, returns the current user info.
- endpoint /rest/api/3/search does not work, cors error for the GET and 404 for the OPTIONS preflight.
Is some special config needed for the /rest route?
Disregard! I missed the little note on the REST API reference that non-forge/connect apps need the cloud-id prefixed on the path. That's really a critical piece of information to bury in a very long doc.
can you try Oauth2.0 to access the Jira cloud rest api from ur external client (angular, react,node);
I would love the ability to query my Jira server nodes with REST API calls to programmatically get information.
This is unfortunately preventing any web client from leveraging Jira Cloud's API 
Are there any plans to provide a workaround?
Pradeep
added a comment - HI Team,
I am accessing Jira from simple ajax it's throwing cross orgin resource sharing error can you please help me out of this.
Pradeep
added a comment - HI Team,
I am accessing Jira from simple ajax it's throwing cross orgin resource sharing error can you please help me out of this.
I also would like to be able to make this work such that an internal code review tool can have buttons that make fetch requests to our self hosted Jira that sits on the same domain using the cookie already present for the browser assuming they have logged in recently in their browser and it hasn't expired.