Getting a 403 when doing a POST to Jira Cloud API using proxy

Hi everyone! Forgive me if this has been solved, I’ve looked through every past related question I could find and was not able to get a working solution.

I’m building a small Figma plugin to allow users to create tickets in JIRA from Figma. Since Figma effectively runs as a browser-based application, following the advice of past questions on here I am doing the request through a proxy (Heroku), following the advice of the first answer in a stack overflow post (it won’t let me post the link, please see the first reply for the link to the post).

I’m using the following code and POST request to do this.

const basicAuth = buffer__WEBPACK_IMPORTED_MODULE_6__.Buffer.from(username + ':' + password).toString('base64');
// where password is the API token

const bodyData = `{
              "fields": {
                "summary": "Main order flow broken",
                "issuetype": {
                  "id": "10000"
                "project": {
                  "id": "10000"
                "customfield_10011" : "Test"

fetch(`${companyName}`, {
                method: 'POST',
                headers: {
                'Authorization': `${basicAuth}`,
                'Accept': 'application/json',
                'Content-Type': 'application/json',
                'X-Atlassian-Token': 'nocheck'
                body: bodyData

However, I’m getting the following error when I make the request.

POST    /rest/api/3/issue 403 (Forbidden)
Response: 403 Forbidden
XSRF check failed

When I try the non-proxied URL (removing the heroku app URL from the beginning) in Postman and make the same POST request, it works perfectly. When I use the proxied URL in Postman, it does not work, and produces:

“Missing required request header. Must specify one of: origin,x-requested-with”.

Does anyone have ideas as to how I can resolve this? Thanks so much!

1 Like

Here’s the stack overflow link I referenced: javascript - Trying to use fetch and pass in mode: no-cors - Stack Overflow