CORS error for plugin/app REST API access

Our Jira DC app exposes REST APIs, and one of our customers wants to use these APIs on their share point website. When calling these APIs from their internal website, its throwing CORS error. We have tried a few things -

  • Added the origin in the allowed list (whitelisting) in Jira DC configuration - after this Jira REST APIs works fine, but app REST APIs still throws CORS error.
  • Added a filter in our app to send the required CORS response headers in case preflight request. But in this filter we are getting request method name as “GET” instead of “OPTIONS” even for options requests.
  • Also tried to assume if the “Origin” header is present then it’s preflight request but in that case, we are getting 401 unauthorized error in the response for preflight request and CORS error for actual get request.
  • Another issue is in preflight request ContainerRequestFilter.filter() method is not getting called where we can stop further processing of request if its preflight/OPTIONS type.

Can someone please help us here with a solution for this issue?

Attached here with the filter class we tried adding to our app.

CorsFilter.txt (3.6 KB)

Please read up on @CorsAllowed which I’ve only read about myself just now:
Some additional context on this jira comment [JRASERVER-59101] Jira doesn't support preflighted requests for CORS - Create and track feature requests for Atlassian products.

Hi @steve.behnke thank you for your response, we will check and try this out.

1 Like