1

I'm using an API from JIRA to get some information on bugs. Here's an example of the jQuery I'm using to get it:

var endpoint = 'https://jira.cyanogenmod.org/rest/api/latest/issue/CYAN-2631';
$.get(endpoint, function(data) {
    do_stuff(data, data['fields']['project']['self']);
});

And, I'm getting the ever-terrible Access-Control-Allow-Origin error. It looks like this:

XMLHttpRequest cannot load 
https://jira.cyanogenmod.org/rest/api/latest/issue/CYAN-2631. 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://127.0.0.1:8000' is therefore not allowed access.

I'd really like to use this API if possible. Following the directions on this question didn't help. I got another error,

GET https://jira.cyanogenmod.org/rest/api/latest/issue/CYAN-2631callback=jQuery172039181585889309645_1431307158851?_=1431307165515 

Seems to be a jQuery error, so I don't think that's the right approach. Maybe the server doesn't allow for JSONP.

Anyway, does anyone have a way around this or can I just not use this particular API? Thanks


2 Answers

2

There is no way to enable cross origin requests entirely from the browser without external code. If there were, it would entirely defeat the purpose of the security protections in the first place.

When using a browser, it is the server that decides if it wants to support cross origin requests or not and what domains it wants to support requests from. You cannot bypass it in the client.

The choices are:

  1. Server enables CORS access from your domain or all domains.
  2. Server supports JSONP allowing you to use it to work around the cross origin access.
  3. You create your own server proxy where you make a request from the browser to your own server (which would either be same origin or have CORS enabled), then your own server gets the data from the other site and returns it back to the browser. Servers are not limited by the same origin limitations as this is a security feature built into browsers only.
  4. You find some third party proxy service that you can use to serve the same purpose as option #3.

FYI, a Google search turned up this article about enabling CORS on the API: https://answers.atlassian.com/questions/69356/cross-origin-resource-sharing-with-jira-rest-api-and-javascript. I don't understand enough about the service to quite follow the article, but maybe it points you in a helpful direction.

jfriend00
  • This is a great answer, so I'll keep it as the accepted answer. Though, I should mention that I realized that it's a browser thing. I found a Google Chrome plugin called CORS that allows you to make these requests and it totally works. Not sure what implications this has for pushing to a live website, but at least I can hack around on localhost now :) –  May 11 '15 at 18:07
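
Option 3 from the answer above, sketched as an added example (not code from the original answer or from JIRA): a small Node 18+ proxy that forwards only issue lookups to the host in the question and sends the CORS header only to an allowlisted origin. The `/issue/<KEY>` route, the `PROXY_PORT` variable and the origin list are assumptions chosen for illustration.

```javascript
// Added example. Assumes Node 18+ (global fetch); route, port variable and
// origin allowlist are illustrative, not part of the JIRA API.
const UPSTREAM = 'https://jira.cyanogenmod.org';            // host from the question
const ISSUE_PATH = /^\/issue\/([A-Z][A-Z0-9]*-\d+)$/;       // e.g. /issue/CYAN-2631
const ALLOWED_ORIGINS = new Set(['http://127.0.0.1:8000']); // origin from the error message

// Map a request path to the single upstream URL shape we agree to fetch.
// Returning null for anything else keeps this from becoming an open proxy.
function upstreamUrlFor(path) {
  const m = ISSUE_PATH.exec(path);
  return m ? `${UPSTREAM}/rest/api/latest/issue/${m[1]}` : null;
}

// Echo the Origin back only when it is allowlisted; never answer with "*".
function corsHeadersFor(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
}

// Build the response for one request. fetchImpl is injectable for testing.
async function handle(method, path, origin, fetchImpl = fetch) {
  const headers = { 'Content-Type': 'application/json', ...corsHeadersFor(origin) };
  if (method !== 'GET') return { status: 405, headers, body: '{"error":"GET only"}' };
  const url = upstreamUrlFor(path);
  if (!url) return { status: 404, headers, body: '{"error":"unknown route"}' };
  try {
    const upstream = await fetchImpl(url, { headers: { Accept: 'application/json' } });
    return { status: upstream.status, headers, body: await upstream.text() };
  } catch (err) {
    return { status: 502, headers, body: '{"error":"upstream unreachable"}' };
  }
}

// Start listening only when PROXY_PORT is set, e.g. PROXY_PORT=8001 node proxy.js
async function startProxy(port) {
  const http = await import('node:http');
  return http.createServer(async (req, res) => {
    const r = await handle(req.method, req.url, req.headers.origin);
    res.writeHead(r.status, r.headers);
    res.end(r.body);
  }).listen(port, '127.0.0.1');
}
if (process.env.PROXY_PORT) startProxy(Number(process.env.PROXY_PORT));
```

With the proxy running on port 8001, the page at `http://127.0.0.1:8000` would request `http://127.0.0.1:8001/issue/CYAN-2631` instead of the JIRA URL; any other origin receives the data without the CORS header, so its browser blocks the read.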
0

H-i, short answer is "yes".

The medium answer is "enable CORS on your application SERVER"

The long answer is here: http://enable-cors.org/

At some point you'll encounter the concept of a "pre-flight request", and you'll probably get confused.

That's because it's confusing, stupid, and poorly engineered. Just keep on going.

The easiest way to enable CORS is at your webserver (nginx or apache), although you can enable it in the application itself.

The http://enable-cors.org/ site lists configurations for a variety of web servers and application stacks.

Good luck!

Michael Cole
  • Sorry, I should've stated this in my question! If I wanted to do this all on the client, is it still possible? JS only? –  May 11 '15 at 01:46
  • Hey Alex, no worries. Yes, it's possible. @jfriend00's answer gives a good breakdown of how. – Michael Cole May 11 '15 at 02:15