9

I´m calling JIRA REST API from JavaScript in a Confluence User Macro and I´m facing CORS issues because JIRA and Confluence are on two different domains and preflight request from browser is failing. I have tried several CORS solutions as described below, without any success. So Im begging for some input from others that probably have solved this issue.

JavaScript snippet that is failing:

AJS.$.ajax({
            type: "GET",
            url: "http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)",
            dataType: "json",
            contentType: "application/json",
            async: false
        })

Error message (from Firefox):

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45). This can be fixed by moving the resource to the same domain or enabling CORS.

JIRA Configuration

  • JIRA Version: 6.4.12
  • Url: http://jira.mydomain.com
  • Running Apache in front (proxy): Yes
    • Response Headers Configuration:
      • Access-Control-Allow-Headers:origin, content-type, accept
      • Access-Control-Allow-Methods:POST, GET, OPTIONS
      • Access-Control-Allow-Origin:*
  • Confluence added to the whitelist: Yes

Confluence Configuration

Tested with browsers:

  • Chrome (latest)
  • Safari (latest)
  • Firefox (latest)

Testing preflight request (OPTIONS) with CURL:

ismar.slomic$ curl -X OPTIONS "http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)" -v
*   Trying 10.107.1.24...
* Connected to jira.mydomain.com (127.0.0.1) port 80 (#0)
> OPTIONS /rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45) HTTP/1.1
> Host: jira.mydomain.com
> User-Agent: curl/7.43.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host jira.mydomain.com left intact
curl: (52) Empty reply from server

This seems to be positive response.

Testing preflight request (OPTIONS) with Crome extention Postman:

OPTIONS http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)

Response error: Could not get any response. This seems to be like an error connecting to http://jira.mydomain.com/rest/api/latest/search/?issue%20in%20linkedIssues(SR-45)

Ismar Slomic
  • 4,547
  • 6
  • 37
  • 57
  • Do you get the same error message you got for Firefox on Chrome? – rby Nov 16 '15 at 19:27
  • Error message in Chrome: NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues... – Ismar Slomic Nov 16 '15 at 19:32
  • It looks like your ajax call is not going through. Maybe you can add an error callback and look at the status you get. Also, you are specifying json as dataType so make sure that you are indeed sending json data. – rby Nov 16 '15 at 19:41
  • Spin up a simple passthrough service on a domain. I've had to do this before, utilized Node in that case. Send it a payload with the URL you want to query at confluence/Jira, and pass back the response it sends. – Brant Nov 16 '15 at 19:41
  • rby: there is no json data to send in this case. Error callback gives following: statusText: "NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'http://jira.mydomain.com/rest/api/latest/search/?jql=key=issue in issueLinks(SR-55)" – Ismar Slomic Nov 16 '15 at 19:49
  • What **headers** are you receiving in your preflight testing – Jaromanda X Nov 16 '15 at 21:09
  • There is no response (neither headers nor body) when testing preflight from Postman or Chrome Console. I just get error that connection from server has been closed. – Ismar Slomic Nov 16 '15 at 21:14
  • I believe you'll need to use the jsonp data type to get around CORs _or_ make a server-to-server call. – Christopher Marshall Nov 16 '15 at 21:18

1 Answers1

2

Little bit late to answer this, but I'll leave it here for reference.

In my macro I solved this problem the other way around. Instead of sending a direct request to the JIRA server I used an API exposed by the Confluence server to proxy my JIRA request to the linked JIRA instance.

I described this endpoint in another answer. Using this method you don't break the cross-origin policy. In fact this is what JIRA Issues and JIRA Chart macros use to render their widgets. Quote:

JIRA Proxy

Another nice endpoint is /plugins/servlet/applinks/proxy. It allows forwarding simple REST requests to the linked JIRA instances. For example /plugins/servlet/applinks/proxy?appId={INSERT APPLINK ID HERE}&path=%2Frest%2Fapi%2F2%2Fsearch will call JIRA's issue search REST endpoint and list issues available to the user (as in JIRA search). By "simple request" I mean that only GET and POST HTTP methods are supported in the current version (with POST limited to application/xml and multipart/form-data content types). The servlet supports both query-string and HTTP-header parameters. Check out the source of the servlet in plugin's source to get more info as I haven't found any online documentation for it.

Using this servlet you can get the projects list as well by requesting /plugins/servlet/applinks/proxy?appId={INSERT APPLINK ID HERE}&path=%2Frest%2Fapi%2F2%2Fproject

Servlets's path in the repo is confluence-jira-plugin/src/main/java/com/atlassian/confluence/plugins/jira/AppLinksProxyRequestServlet.java, but most of the important stuff is in its base class confluence-jira-plugin/src/main/java/com/atlassian/confluence/plugins/jira/AbstractProxyServlet.java

-- confluence REST API request while not being admin ends in 401 error

This approach requires JIRA and Confluence instances to be connected through an Application Link though. But I assume you have admin access to both JIRA and Confluence as you are investigating changing the origin policies so it shouldn't be a blocker for you.

jannis
  • 3,430
  • 15
  • 38