2

I am using the standard cloud API for Jira and having troubles using their API to create an issue. I have tried both basic and token auth, both with the same CORS error.

I have followed the steps listed in these documents (here and here) and can get the API working in Postman, but not in my React code. I believe this has to do with Postman not sending the preflight options with the request.

Here is a sample of my request with basic auth:

fetch(`https://{DOMAIN}.atlassian.net/rest/api/3/issue/`, {
        method: "POST",
        credentials: 'include',
        headers: {
            "Content-Type": 'application/json',
            "Accept": 'application/json',
            "Authorization": "Basic {ENCODED USERNAME/PASSWORD}"
        },
        body: JSON.stringify(data)
})
.then(...)

Here is a sample of my request with token:

fetch(`https://{DOMAIN}.atlassian.net/rest/api/3/issue/`, {
        method: "POST",
        credentials: 'include',
        headers: {
            "Content-Type": 'application/json',
            "Accept": 'application/json',
            "Authorization": "bearer {TOKEN}"
        },
        body: JSON.stringify(data)
})
.then(...)

Does anyone know how to overcome this CORS error with Jira Cloud API? I found this article but would assume the issue has been resolved: https://jira.atlassian.com/browse/JRACLOUD-30371

UPDATE

Could not get this working via basic auth, however the newer OAuth 2.0 is working (only for GET requests).

Follow updates on this stack overflow question: JIRA Cloud REST API (OAuth 2.0) Error 403 on POST Requests

Charklewis
  • 4,427
  • 4
  • 31
  • 69
  • Have you tried adding `mode: "cors"` to the options beside credentials and method ? – Kabbany Dec 14 '18 at 21:08
  • Yes I have with it producing the same error unfortunately. – Charklewis Dec 14 '18 at 21:09
  • "CORS has been supported in the JIRA REST API since JIRA 6.0 for JIRA Server. If you are a JIRA Server customer, simply go to the "Whitelist" section of JIRA Administration and add the domains you wish to request resources from. Note: You must have the System Administrator global permission to access this section of JIRA administration." Is your domain whitelisted ? – Kabbany Dec 14 '18 at 21:13
  • I am currently using the Jira Cloud API so there is no custom server being used, hence no access to the Jira Admin or whitelist section. I'm exploring using OAuth protocol at the moment, so hopefully that fixes the issue. – Charklewis Dec 14 '18 at 21:28
  • I think what is meant by whitelisting your domain is that you add the domain from which you are making this request to a whitelist so Jira Cloud API accept requests from this domain – Kabbany Dec 14 '18 at 21:30
  • Sure, I don't have access to these settings as they are only available to Jira server customers (not cloud). I have switch to using OAuth and this has fixed the CORS issues, allowing me to GET data. However POST data is not working (returns error 403 - even with the correct authentication, token etc). – Charklewis Dec 15 '18 at 00:30

0 Answers0