0

I have a question regarding the Tuleap REST API when used with CORS.

Basically, I'm trying to make a REST call to see the backlog of my project.

Referring to the API Explorer, to do so I need to do a GET call like this: /api/projects/{id}/backlog I also need to add the custom headers X-Auth-Token and X-Auth-UserId to ensure the authentication.

When I do this request with a HTTP Request tool (Poster for Firefox) everything works fine and I get status 200.

The problem now is that I'm trying to develop an application (in angularJS) that would do the same request.

I noticed that when the page is doing the request, it starts by doing a preflight OPTIONS request which is due to the Cross-Origin-Ressource-Sharing.

request headers

It seems like the X-Auth-Token and X-Auth-UserId header are being put in the Access-Control-Request-Headers. Because of that I get an unauthorized 401 response code from the server and I can't complete the request.

I've been looking online and couldn't find my answer as how to make this call work.

Patrick Quirk
  • 23,334
  • 2
  • 57
  • 88
Philibert Dugas
  • 3
  • 2

1 Answers1

1

There was a recent contribution that should remove the need for authentication on all OPTIONS routes in order to enable the preflight: http://gerrit.tuleap.net/#/c/2642/ It was Integrated in Tuleap 7.2.99.36 Either your version of Tuleap is too old or there is a bug.

Note all calls still require some headers such as "Content-Type: application/json"; the integration tests should provide good examples of how to make calls:

https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=tree&h=9a513f2b7e765f7b9a4f7f72e9d43f40f623fec5&hb=293d47e4006531d3c0d04edfc6e7058e53c7c9c8&f=tests/rest

and

https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=tree&h=4d9071865a42cbd0d40f5f933b4b0b1047c54a8c&hb=293d47e4006531d3c0d04edfc6e7058e53c7c9c8&f=tests/lib/rest

Jack
  • 71
  • 5