Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-72854

Make Jira allow the cookies value for the Access-Control-Allow-Headers in Preflight requests

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • REST API
    • None
    • 3
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Issue

      As per this comment, after the bug JRASERVER-59101 got fixed, only some values are accepted by Jira for the Access-Control-Allow-Headers header in preflight requests:

      pre-flight OPTIONS request can only contain the following values in its Access-Control-Request-Headers: X-Atlassian-Token, Authorization and Content-Type. Adding any more values will make your CORS request rejected.

      Because of that, if a preflight request uses the cookies value, the request will be rejected.

      Some customers prefer to use the cookies method for authentication rather than the accepted ones (X-Atlassian-Token, Authorization and Content-Type)

      Suggestion

      Suggestion 1

      Make the cookies header allowed by Jira in Preflight requests.

      Suggestion 2

      Make the allowed headers configurable that customers can set to what they prefer, based on their use case.

              Unassigned Unassigned
              jrey Julien Rey
              Votes:
              5 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: