Make Jira allow the cookies value for the Access-Control-Allow-Headers in Preflight requests

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Unresolved
    • None
    • Component/s: REST API
    • None
    • 3
    • 8

      Issue

      As per this comment, after the bug JRASERVER-59101 got fixed, only some values are accepted by Jira for the Access-Control-Allow-Headers header in preflight requests:

      pre-flight OPTIONS request can only contain the following values in its Access-Control-Request-Headers: X-Atlassian-Token, Authorization and Content-Type. Adding any more values will make your CORS request rejected.

      Because of that, if a preflight request uses the cookies value, the request will be rejected.

      Some customers prefer to use the cookies method for authentication rather than the accepted ones (X-Atlassian-Token, Authorization and Content-Type)

      Suggestion

      Suggestion 1

      Make the cookies header allowed by Jira in Preflight requests.

      Suggestion 2

      Make the allowed headers configurable that customers can set to what they prefer, based on their use case.

              Assignee:
              Unassigned
              Reporter:
              Julien Rey (Inactive)
              Votes:
              5 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: