In JIRA 7.2 we introduced SOFTWARE REST API. JIRA doesn't support preflighted requests for CORS for new calls.
There are problems here:
- JIRA doesn't add Access-Control-Allow_ headers to the request
- JIRA replies with 401 Unauthorized
- Configure CORS at JIRA for domain 'http://mysite.com'
- Fire the OPTIONS REST call with Origin and Access-Control-Request-Method headers.
Please note that performing certain types of cross-domain AJAX requests, modern browsers that support CORS will insert an extra "preflight" request to determine whether they have permission to perform the action. Eg. Firefox uses "preflight" request for methods other than GET, HEAD or POST.
Response has header with following content:
JIRA replies with 401 Unauthorized :
And this leads to error message in browser:
- Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <URL>. (Reason: CORS preflight channel did not succeed).
If you remove Origin header call succeed, but CORS (Access-Control-Allow_ ) headers are not present:
Please see specification for details: