Put request via Angular application returns 'is not allowed by Access-Control'

Hey everyone,

I’m currently running into a problem with the application I’m writing. I’m working in Angular 5 for the first time and I’ve been trying to update the assignee of an issue.

When I test my method in Postman it passes and the information gets changed, but when I try it with my application in my browser (Google Chrome) I get the following error:

‘Method PUT is not allowed by Access-Control-Allow-Methods in preflight response.’
This error occurs when it’s in the OPTIONS request.

Differences in results (Google Chrome and Postman)

The status code I get back in my browser is 200. In Postman this is 204.

In my browser it does not seem to get to the PUT request.

The ‘X-AUSERNAME’ in my browser is ‘anonymous’, but in Postman this is my own username. I also can’t find an Authorization header in my request headers in my browser. I do however set the header before I make the request. This doesn’t occur when I’m executing a GET request. The other headers I set seem to be missing in the request headers as well.

This picture is the code I’m using at this time

  updateReporterByIssueKey(key, assignee, description) {
    const prefix = `https://my-domain-here/rest/api/2/issue/${key}`;
    const jsonString = `{
  "update": {
    "description": [
        "set": "${description};"
   "fields": {
    const httpOptions = {
      headers: new HttpHeaders({
        Authorization: 'Basic ' + btoa(this.authorization),
        Accept: 'application/json',
        'Content-Type': 'application/json'

    const request = {

      httpRequest: new HttpRequest("PUT",prefix,JSON.stringify(jsonString),{headers: httpOptions.headers, responseType: 'json'})

This is the request header from my browser

Anyone who ran into a similar problem?

I’ve run into the same issue and I’m authenticating with VueJs. Jira Cloud Currently doesn’t allow cross origin requests and one needs to build a proxy service in between the app to avoid cross origin request errors. Well that’s what I’ve read so far.

To reiterate my response from another thread, this is not Jira cloud specific. This is how XmlHttpRequest works. Browsers will safeguard the end-user by making sure it only executes trusted client-side code.

You might want to read up on Cross Server Scripting (XSS) and Cross Origin Resource Sharing (CORS)