Can not do cross domain REST API Call from localhost

Question

I am trying to do login using REST API provided by JIRA in REACT. But I am getting error like

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://localhost:8085' is therefore not allowed access. The response had HTTP status code 403. 
If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Below is my code which I am testing to do sign on.

fetch("https://jira.company.com/rest/auth/latest/session",{
  method:'POST',
  headers: {
    "Content-Type": "application/json",
    "Access-Control-Allow-Origin" : "*"
  },
  body: 
    JSON.stringify({
    username:"username",
    password : "password"})
  }).then(result => console.log(result));

I have also tried with below parameter but it result with same error.

'Access-Control-Allow-Origin' : '*',
'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',

I have also looked into documentation for JIRA API but can not find anything for cross domain request access. Looking for help to do API call across domain.

The REST API isn't intended to be called from browsers (aka No 'Access-Control-Allow-Origin' header). You can get at it from a server though, e.g. cURL. BTW the username/pwd is usually send in the header with `btoa`. — Ronnie Royston, Mar 13 '18 at 04:22
Thanks Ron, as those APIs are protected cannot be accessed through a browser. Is there any way to call protected API from a browser? — ParthPatel, Mar 13 '18 at 04:54

score 1 · Accepted Answer · answered Mar 13 '18 at 04:02

1

Try by setting mode: 'cors'

fetch("https://jira.company.com/rest/auth/latest/session", {
  method: 'POST',
  headers: {
    "Content-Type": "application/json",
    "Access-Control-Allow-Origin": "*"
  },
  mode: 'cors',
  body: JSON.stringify({
    username: "username",
    password: "password"
  })
}).then(function(resp) {
  return resp.json();

}).then(function(data) {
  console.log(data)
});

Note:In the demo you may see 404 which mean not found because it is not sending username & password

answered Mar 13 '18 at 04:02

brk

43,022
4
37
61

I have tried it with mode:'cors' but it did not solve my problem. I have tried to do same API call using POSTMAN and it is working fine without providing mode in request. – ParthPatel Mar 13 '18 at 04:30
are you still seeing 403? – brk Mar 13 '18 at 04:31
Yes, still getting 403. – ParthPatel Mar 13 '18 at 04:31
Getting "XSRF check failed" when I have checked request in chrome – ParthPatel Mar 13 '18 at 04:41
that may be different from cors – brk Mar 13 '18 at 04:44
@ParthPatel did it worked? – brk Mar 13 '18 at 05:01

Can not do cross domain REST API Call from localhost

1 Answers1