Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-72854

Make Jira allow the cookies value for the Access-Control-Allow-Headers in Preflight requests

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Unresolved
    • None
    • REST API
    • None
    • 3
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Issue

      As per this comment, after the bug JRASERVER-59101 got fixed, only some values are accepted by Jira for the Access-Control-Allow-Headers header in preflight requests:

      pre-flight OPTIONS request can only contain the following values in its Access-Control-Request-Headers: X-Atlassian-Token, Authorization and Content-Type. Adding any more values will make your CORS request rejected.

      Because of that, if a preflight request uses the cookies value, the request will be rejected.

      Some customers prefer to use the cookies method for authentication rather than the accepted ones (X-Atlassian-Token, Authorization and Content-Type)

      Suggestion

      Suggestion 1

      Make the cookies header allowed by Jira in Preflight requests.

      Suggestion 2

      Make the allowed headers configurable that customers can set to what they prefer, based on their use case.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-59101 Jira doesn't support preflighted requests for CORS

          • Low - Low priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              jrey Julien Rey
              Votes:
              5 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: