0

here is my curl line which works flawlessly :

curl -D- -u user:pwd -X POST -H "X-Atlassian-Token: nocheck" -F "file=@test.txt" https://domain/csbugtrack/rest/api/2/issue/584025/attachments

I've tried to make an XHR request (a fetch request does also not work) :

const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.open("POST", "https://domain/csbugtrack/rest/api/2/issue/584025/attachments", true);
xhr.setRequestHeader("X-Atlassian-Token", "nocheck");
xhr.setRequestHeader("Authorization", 'Basic ' + btoa('user:pwd'));
const form = new FormData();
form.append('file', new File(['test'], 'D:\test.txt'));
xhr.send(form);

and I get :

Blocage d’une requête multiorigines (Cross-Origin Request) : la politique « Same Origin » ne permet pas de consulter la ressource distante située sur https://domain/csbugtrack/rest/api/2/issue/584025/attachments. Raison : l’en-tête CORS « Access-Control-Allow-Origin » est manquant. Code d’état : 200.

why curl does better and how can I solve this ?

(I've also tried a fetch request which has the similar CORS issue)

CardBook CardBook
  • 11
  • 1
  • Searching the error message will return many, many results describing what CORS is and how it works. (Though in all honesty the English version of the error will likely find more information.) But the point is that the *server* is telling the *browser* not to permit the request. This can't be corrected from client-side code in the browser, you'd have to configure the server to allow the request. – David Mar 10 '23 at 15:58
  • After further investivations, this is a JIRA limitation : the REST APIs are only available with OAuth 2.0 : https://community.developer.atlassian.com/t/cors-error-with-rest-api/27354/7 – CardBook CardBook Mar 10 '23 at 16:21

0 Answers0