Support preflighted requests for CORS on {{/rest/oauth2}} endpoints

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Unresolved
    • None
    • Component/s: REST API
    • None
    • 1

      Issue Summary

      Preflighted requests for CORS are not supported for /rest/oauth2 endpoints

      This is reproducible on Data Center: yes

      Steps to Reproduce

      1. Add your Jira base URL to the allowlist as per Configuring the allowlist and select Allow incoming.
      2. Follow the steps in How to test the Jira Incoming Link OAuth 2.0 API up until step 3.
      3. Check the response headers for the access-control-allow-origin parameter.

      Expected Results

      The access-control-allow-origin key and value present in the response headers, just like with other @CorsAllowed resources as per the fix of JRASERVER-59101 in this comment. For example, with /rest/api/2/project.

      Actual Results

      The access-control-allow-origin key and value do not present in the response headers as shown in the screenshot below. This can be reproduced with all the /rest/oauth2 endpoints.

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

        1. image-2024-06-11-16-51-06-262.png
          image-2024-06-11-16-51-06-262.png
          265 kB
        2. image-2024-06-11-16-48-37-812.png
          image-2024-06-11-16-48-37-812.png
          592 kB

            Assignee:
            Unassigned
            Reporter:
            Michelle Chin (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: