Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-65362

Allow cross-domain requests for CORS

    XMLWordPrintable

    Details

    • UIS:
      7
    • Support reference count:
      4
    • Feedback Policy:
      We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Atlassian Update - 11 January 2017

      Hi everyone,

      CORS has been supported in the JIRA REST API since JIRA 6.0 for JIRA Server. If you are a JIRA Server customer, simply go to the "Whitelist" section of JIRA Administration and add the domains you wish to request resources from. Note: You must have the System Administrator global permission to access this section of JIRA administration.

      Unfortunately, this domain whitelist is not available in JIRA Cloud for security reasons. We haven't yet been able to spend time developing a pattern for supporting this in JIRA Cloud, but we do intend to work on this at some point in the future.

      I have updated the issue summary to more accurately reflect the current status of this feature.

      Regards,

      Dave Meyer
      dmeyer@atlassian.com
      Product Manager, JIRA Platform

      JIRA REST API documentation (http://docs.atlassian.com/jira/REST/latest/#authentication) says: ... if you are using JIRA in a browser you can call REST from Javascript on the page and rely on the authentication that the browser has established.

      However it does not work, see my example http://jsfiddle.net/avalez/nCcq9/2/ and others complains: https://answers.atlassian.com/questions/69356/cross-origin-resource-sharing-with-jira-rest-api-and-javascript

      Looks like Access-Control-Allow-Origin response header is missing.

      CAUTION, to make it really work for remote clients, it's necessary to respond with exact match for host name in Access-Control-Allow-Origin header, see related AMKT-3342 (https://ecosystem.atlassian.net/browse/AMKT-3342).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              7e648b92d9ef Mao Jianwei
              Votes:
              70 Vote for this issue
              Watchers:
              44 Start watching this issue

                Dates

                Created:
                Updated: