We’re developing a JIRA Cloud add-in similar to our currently shipping Confluence Cloud add-in.
Our add-in is completely in HTML/Javascript using the all.js bridging library loaded dynamically from the JIRA Cloud instance and then using the AP object for all JIRA services, primarily the request object.
In Confluence we are able to save attachments to the page using the Confluence attachments REST APIs and AP.request with the the proper headers:
“X-Atlassian-Token”: “nocheck”
But no matter what we do on JIRA Cloud with the JIRA specific attachment create REST APIs called with a POST using the AP supplied request object, I get back a failed POST with an XSRF error.
As suggested some other posts on the forum, I tried “no-check” for the header, even tried walking the all-debug.js calls, but nothing helps.
I thought that this is exactly what the bridging library was supposed to allow to work.
This is absolutely different behavior from Confluence Cloud and prevents us from shipping our add-on.
The same attachment REST APIs work just fine with essentially the same sequence on JIRA Server.
I was told that Dave Meyer might have some insight on this.
Can you confirm your add-on has ‘write’ scope, and provide your AP.request code please?
Many add-ons add attachments so we should be able to get to the bottom of it.
Here’s the essence of the code to write the attachment, same pattern works fine in Confluence Cloud, Confluence Server, and JIRA Server add-ins:
function saveAttachment(theDataToSave) {
// theDataToSave is a large block of base-64 encoded binary data
theFileName = "testattachment.sdr64";
// Make a blob from the SDR data
var theBlob = new Blob([theDataToSave], {
type: 'text/plain; charset="UTF-8"'
});
var formData = new FormData();
formData.append("file", theBlob, theFileName);
var theRequestURL;
// gContentId is the JIRA issue ID, previously obtained in the code
theRequestURL = '/rest/api/2/issue/' + gContentId + '/attachments';
AP.request({
url: theRequestURL,
type: 'POST',
data: formData,
dataType: 'json',
async: true,
processData: false,
contentType: false,
headers: {
"X-Atlassian-Token": "no-check" // Tried nocheck as well as nocache, same issue
},
success: function(theResponse) {
debugger;
// Kick off the next step after the save...
},
error: function(xhr, textStatus, errorThrown) {
// We hit this every time with an XSRF issue
debugger;
alert("Problem saving data: "+xhr.responseText);
}
});
};
David, any way after our add-in POSTs the attachments and they are added to the JIRA issue to have JIRA Cloud refresh the page? I notice that after we add attachments and close our add-in dialog, I have to manually refresh the page to get JIRA Cloud to show them in the Attachments area. On our Server version, I’m able to manually force a refresh since we’re living the same DOM as JIRA, not in a sandboxed iframe. Not a deal killer, but a bit of an annoyance…