Make Jira allow the cookies value for the Access-Control-Allow-Headers in Preflight requests


    • Type: Suggestion
    • Resolution: Unresolved
    • Component/s: REST API

      Issue

      As per this comment, after the bug JRASERVER-59101 got fixed, only some values are accepted by Jira for the Access-Control-Allow-Headers header in preflight requests:

      pre-flight OPTIONS request can only contain the following values in its Access-Control-Request-Headers: X-Atlassian-Token, Authorization and Content-Type. Adding any more values will make your CORS request rejected.

      Because of that, if a preflight request uses the cookies value, the request will be rejected.

      Some customers prefer to use the cookies method for authentication rather than the accepted ones (X-Atlassian-Token, Authorization and Content-Type).

      Suggestion

      Suggestion 1

      Make the cookies header allowed by Jira in Preflight requests.

      Suggestion 2

      Make the allowed headers configurable, so that customers can set them to what they prefer, based on their use case.

            Assignee: Unassigned
            Reporter: Julien Rey (Inactive)
            Votes: 5
            Watchers: 6
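
The allowlist behaviour described in this issue, together with the configurable list proposed in Suggestion 2, modelled as an added example. This is not Jira's code: the function names, the result shape and the sample requests are assumptions made for illustration.

```javascript
// Added example: a model of the preflight header allowlist described in this issue.
// Not Jira's implementation; all function and variable names are hypothetical.

// The three values the issue says are accepted in Access-Control-Request-Headers.
const DEFAULT_ALLOWED = ['X-Atlassian-Token', 'Authorization', 'Content-Type'];

// Split a comma-separated Access-Control-Request-Headers value into
// lower-cased names (HTTP header names are case-insensitive).
function parseRequestHeaders(value) {
  return (value || '')
    .split(',')
    .map((name) => name.trim().toLowerCase())
    .filter((name) => name.length > 0);
}

// Decide a preflight: every requested header must be on the allowlist,
// otherwise the whole request is rejected (the behaviour the issue describes).
// `allowed` stands in for the configurable list proposed in Suggestion 2.
// Assumes `headers` uses lower-cased keys, as Node's http module provides.
function checkPreflight(headers, allowed = DEFAULT_ALLOWED) {
  const allowSet = new Set(allowed.map((h) => h.toLowerCase()));
  const requested = parseRequestHeaders(headers['access-control-request-headers']);
  const rejected = requested.filter((name) => !allowSet.has(name));
  if (rejected.length > 0) {
    return { ok: false, rejected, allowHeaders: null };
  }
  // Echo back only what was asked for and permitted, never a wildcard.
  return { ok: true, rejected: [], allowHeaders: requested.join(', ') };
}

// Constructed sample preflight requests (not captured traffic).
const accepted = { 'access-control-request-headers': 'authorization, content-type' };
const withCookies = { 'access-control-request-headers': 'Content-Type, cookies' };

console.log(checkPreflight(accepted));                                    // default list: accepted
console.log(checkPreflight(withCookies));                                 // default list: rejected
console.log(checkPreflight(withCookies, [...DEFAULT_ALLOWED, 'cookies'])); // extended list: accepted
```

Keeping the list explicit and administrator-controlled means each extra header is a deliberate decision rather than a blanket allowance.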