admin管理员组

文章数量:1435520

I´m calling JIRA REST API from JavaScript in a Confluence User Macro and I´m facing CORS issues because JIRA and Confluence are on two different domains and preflight request from browser is failing. I have tried several CORS solutions as described below, without any success. So Im begging for some input from others that probably have solved this issue.

JavaScript snippet that is failing:

AJS.$.ajax({
            type: "GET",
            url: "/?jql=issue%20in%20linkedIssues(SR-45)",
            dataType: "json",
            contentType: "application/json",
            async: false
        })

Error message (from Firefox):

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at /?jql=issue%20in%20linkedIssues(SR-45). This can be fixed by moving the resource to the same domain or enabling CORS.

JIRA Configuration

• JIRA Version: 6.4.12
• Url:
• Running Apache in front (proxy): Yes
  • Response Headers Configuration:
    • Access-Control-Allow-Headers:origin, content-type, accept
    • Access-Control-Allow-Methods:POST, GET, OPTIONS
    • Access-Control-Allow-Origin:*
• Confluence added to the whitelist: Yes
  • Expression: Confluence ()
  • Type: Application Link
  • Allow Ining: True

Confluence Configuration

• Confluence Version: 5.8.8
• Url:
• Running Apache in front (proxy): Yes
  • Response Headers Configuration:
    • Access-Control-Allow-Origin:*
• JIRA added to the whitelist: Yes
  • Expression: Confluence ()
  • Type: Application Link
  • Allow Ining: True

Tested with browsers:

• Chrome (latest)
• Safari (latest)
• Firefox (latest)

Testing preflight request (OPTIONS) with CURL:

ismar.slomic$ curl -X OPTIONS "/?jql=issue%20in%20linkedIssues(SR-45)" -v
*   Trying 10.107.1.24...
* Connected to jira.mydomain (127.0.0.1) port 80 (#0)
> OPTIONS /rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45) HTTP/1.1
> Host: jira.mydomain
> User-Agent: curl/7.43.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host jira.mydomain left intact
curl: (52) Empty reply from server

This seems to be positive response.

Testing preflight request (OPTIONS) with Crome extention Postman:

OPTIONS /?jql=issue%20in%20linkedIssues(SR-45)

Response error: Could not get any response. This seems to be like an error connecting to /?issue%20in%20linkedIssues(SR-45)

I´m calling JIRA REST API from JavaScript in a Confluence User Macro and I´m facing CORS issues because JIRA and Confluence are on two different domains and preflight request from browser is failing. I have tried several CORS solutions as described below, without any success. So Im begging for some input from others that probably have solved this issue.

JavaScript snippet that is failing:

AJS.$.ajax({
            type: "GET",
            url: "http://jira.mydomain./rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)",
            dataType: "json",
            contentType: "application/json",
            async: false
        })

Error message (from Firefox):

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://jira.mydomain./rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45). This can be fixed by moving the resource to the same domain or enabling CORS.

JIRA Configuration

• JIRA Version: 6.4.12
• Url: http://jira.mydomain.
• Running Apache in front (proxy): Yes
  • Response Headers Configuration:
    • Access-Control-Allow-Headers:origin, content-type, accept
    • Access-Control-Allow-Methods:POST, GET, OPTIONS
    • Access-Control-Allow-Origin:*
• Confluence added to the whitelist: Yes
  • Expression: Confluence (http://confluence.mydomain.)
  • Type: Application Link
  • Allow Ining: True

Confluence Configuration

• Confluence Version: 5.8.8
• Url: http://confluence.mydomain.
• Running Apache in front (proxy): Yes
  • Response Headers Configuration:
    • Access-Control-Allow-Origin:*
• JIRA added to the whitelist: Yes
  • Expression: Confluence (http://jira.mydomain.)
  • Type: Application Link
  • Allow Ining: True

Tested with browsers:

• Chrome (latest)
• Safari (latest)
• Firefox (latest)

Testing preflight request (OPTIONS) with CURL:

ismar.slomic$ curl -X OPTIONS "http://jira.mydomain./rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)" -v
*   Trying 10.107.1.24...
* Connected to jira.mydomain. (127.0.0.1) port 80 (#0)
> OPTIONS /rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45) HTTP/1.1
> Host: jira.mydomain.
> User-Agent: curl/7.43.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host jira.mydomain. left intact
curl: (52) Empty reply from server

This seems to be positive response.

Testing preflight request (OPTIONS) with Crome extention Postman:

OPTIONS http://jira.mydomain./rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)

Response error: Could not get any response. This seems to be like an error connecting to http://jira.mydomain./rest/api/latest/search/?issue%20in%20linkedIssues(SR-45)

• javascript
• cors
• jira-rest-api

Share Improve this question Follow edited Nov 16, 2015 at 20:11 Ismar Slomic asked Nov 16, 2015 at 19:20 Ismar SlomicIsmar Slomic 5,51477 gold badges4646 silver badges6565 bronze badges 8

• Do you get the same error message you got for Firefox on Chrome? – rby Commented Nov 16, 2015 at 19:27
• Error message in Chrome: NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'jira.mydomain./rest/api/latest/search/…... – Ismar Slomic Commented Nov 16, 2015 at 19:32
• It looks like your ajax call is not going through. Maybe you can add an error callback and look at the status you get. Also, you are specifying json as dataType so make sure that you are indeed sending json data. – rby Commented Nov 16, 2015 at 19:41
• Spin up a simple passthrough service on a domain. I've had to do this before, utilized Node in that case. Send it a payload with the URL you want to query at confluence/Jira, and pass back the response it sends. – Brant Commented Nov 16, 2015 at 19:41
• rby: there is no json data to send in this case. Error callback gives following: statusText: "NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'jira.mydomain./rest/api/latest/search/?jql=key=issue in issueLinks(SR-55)" – Ismar Slomic Commented Nov 16, 2015 at 19:49

 |  Show 3 more ments

1 Answer 1

Sorted by: Reset to default 2

Little bit late to answer this, but I'll leave it here for reference.

In my macro I solved this problem the other way around. Instead of sending a direct request to the JIRA server I used an API exposed by the Confluence server to proxy my JIRA request to the linked JIRA instance.

I described this endpoint in another answer. Using this method you don't break the cross-origin policy. In fact this is what JIRA Issues and JIRA Chart macros use to render their widgets. Quote:

JIRA Proxy

Another nice endpoint is /plugins/servlet/applinks/proxy. It allows forwarding simple REST requests to the linked JIRA instances. For example /plugins/servlet/applinks/proxy?appId={INSERT APPLINK ID HERE}&path=%2Frest%2Fapi%2F2%2Fsearch will call JIRA's issue search REST endpoint and list issues available to the user (as in JIRA search). By "simple request" I mean that only GET and POST HTTP methods are supported in the current version (with POST limited to application/xml and multipart/form-data content types). The servlet supports both query-string and HTTP-header parameters. Check out the source of the servlet in plugin's source to get more info as I haven't found any online documentation for it.

Using this servlet you can get the projects list as well by requesting /plugins/servlet/applinks/proxy?appId={INSERT APPLINK ID HERE}&path=%2Frest%2Fapi%2F2%2Fproject

Servlets's path in the repo is confluence-jira-plugin/src/main/java//atlassian/confluence/plugins/jira/AppLinksProxyRequestServlet.java, but most of the important stuff is in its base class confluence-jira-plugin/src/main/java//atlassian/confluence/plugins/jira/AbstractProxyServlet.java

-- confluence REST API request while not being admin ends in 401 error

This approach requires JIRA and Confluence instances to be connected through an Application Link though. But I assume you have admin access to both JIRA and Confluence as you are investigating changing the origin policies so it shouldn't be a blocker for you.

本文标签： javascriptEnable CORS in JIRA REST APIStack Overflow