CORS error with REST API

Please forgive me if this is covered; I’m a longtime Jira admin, but have never used the APIs before.

I’m attempting to write a script that will run from my local webserver and get a list of projects on my Jira cloud site. I’m the admin of the Jira site.

I’m trying to call the REST api via a javascript ajax call and getting a CORS error. I’ve searched community.atlassian.com, but all of the solutions seem to be strictly for Jira Server, not cloud.

Can anyone help me out?

Here’s what my code looks like; apologies for the screenshot - apparently since I’m a new user I can’t post anything with URLs, and can only post a single screenshot.

Note that if I run the exact same URL with the same Basic authentication header from WebStorm’s REST Client, I get my expected data in the response.

1 Like

This is an enforcement your browser is enforcing. CORS errors are only caused because your browser notes that the domain for the URL you’re requesting does NOT match the domain for the URL you are currently on.

Generally, people would use back-end programming languages to interact with other services, as opposed to writing javascript that is executed in a client’s browser. So the simple correct answer is: Don’t use browser javascript, instead use Node.JS, Python, Bash, Java, something that runs on a server.

I’m curious what your response to this is, so I’ll hold off on other advice.

2 Likes

Thanks for the info. I’m primarily a PHP developer, and I wanted to create a web-based solution where I could have a page that would display all of my projects as checkboxes, so I could select specific projects, then enter data in a field and submit to a POST call that would update the field in all selected projects. The return from the ajax call to /rest/api/3/project/search would be processed by PHP to extract project ID, etc. and generate a series of checkboxes.

I’m not sure how to accomplish something like that without using a browser, but I’d be interested in hearing your advice.

@estrom We actually do support CORS requests when using https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/, as your requests will go through api.atlassian.com where token-based authentication is the only thing we allow.

For further explanation: The problem why we don’t support CORS directly on your site host/domain is that we accept session-based authentication on there, which would then allow any site to make random, authenticated requests to your site.

The alternative is to proxy your requests through your own backend, which is what @sfbehnke was referring to.

Hope this makes sense. Let me know if you have any other questions please.

4 Likes
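The backend-proxy alternative described in the post above, sketched as an added example (not code from this thread or from Atlassian). The credential stays on the server and the browser can only reach an exact allowlist of REST paths. The names `ALLOWED`, `buildUpstream`, `proxyJira` and the `cfg` fields are hypothetical; it assumes Node.js 18+ and a Jira Cloud email plus API token supplied via `cfg`.

```javascript
// Added example, not from the thread. Node.js 18+ (global fetch, URL, Buffer).
// Hypothetical names: ALLOWED, buildUpstream, proxyJira, cfg.{site,email,apiToken}.
const ALLOWED = new Set([
  'GET /rest/api/3/project/search', // endpoint named in the thread
  'GET /rest/api/3/myself',
]);

// Map a browser-supplied method + path to an upstream request, or null to refuse.
function buildUpstream(method, rawPath, cfg) {
  let u;
  try {
    // Resolve against a dummy base: "//other.host/x" or an absolute URL changes the host.
    u = new URL(rawPath, 'http://proxy.invalid');
  } catch {
    return null;
  }
  if (u.host !== 'proxy.invalid') return null;
  const m = method.toUpperCase();
  // pathname is already normalised, so "/rest/api/3/x/../../y" cannot match the allowlist.
  if (!ALLOWED.has(`${m} ${u.pathname}`)) return null;
  // The credential is read server-side only; it is never sent to the browser.
  const basic = Buffer.from(`${cfg.email}:${cfg.apiToken}`).toString('base64');
  return {
    url: `https://${cfg.site}${u.pathname}${u.search}`,
    init: {
      method: m,
      headers: { Authorization: `Basic ${basic}`, Accept: 'application/json' },
    },
  };
}

// Called by the local web server for each request coming from the page.
// fetchImpl is injectable so the logic can be exercised without network access.
async function proxyJira(method, rawPath, cfg, fetchImpl = fetch) {
  const upstream = buildUpstream(method, rawPath, cfg);
  if (!upstream) return { status: 403, body: { error: 'path not allowed' } };
  const res = await fetchImpl(upstream.url, upstream.init);
  // Only status and JSON body go back; upstream headers and cookies are not relayed.
  return { status: res.status, body: await res.json() };
}
```

The page then calls its own origin (no cross-origin request, so no CORS check), and the allowlist keeps the endpoint from becoming a general-purpose authenticated relay to the Jira site.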

Thanks. The problem with OAuth is that your PHP examples are extremely unhelpful. They don’t work out of the box, and they rely on a lot of unnecessary dependencies.

2 Likes

I’m having a CORS error, but I already have an access_token created from my app.
My code is below:

const { url } = cookies.get('cloud_id')
const jwt = cookies.get('jwt')
return await $axios.get(`${url + JIRA_URL.api.myself}`, {
  headers: {
    Authorization: `Basic ${
      Buffer.from(`sample@email.com:${jwt}`).toString('base64')
    }`,
    Accept: 'application/json',
  },
})

CORS ERROR

Access to XMLHttpRequest at 'https://myntfintech.atlassian.net/rest/api/3/myself' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Hi @RyanPagaduan ,

As written above, CORS is only supported when using OAuth 2.0 (3LO).

However, looking at your code, I cannot really understand what you are doing since you set a Basic Authentication header built with email address and, apparently, a JWT token to your request, instead of using Bearer authentication with the access token.

Please review the steps and examples in the Make calls to the API using the access token section of the documentation page in order to make this work.

1 Like