问题
I´m calling JIRA REST API from JavaScript in a Confluence User Macro and I´m facing CORS issues because JIRA and Confluence are on two different domains and preflight request from browser is failing. I have tried several CORS solutions as described below, without any success. So Im begging for some input from others that probably have solved this issue.
JavaScript snippet that is failing:
AJS.$.ajax({
type: "GET",
url: "http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)",
dataType: "json",
contentType: "application/json",
async: false
})
Error message (from Firefox):
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45). This can be fixed by moving the resource to the same domain or enabling CORS.
JIRA Configuration
- JIRA Version: 6.4.12
- Url: http://jira.mydomain.com
- Running Apache in front (proxy): Yes
- Response Headers Configuration:
Access-Control-Allow-Headers:origin, content-type, accept
Access-Control-Allow-Methods:POST, GET, OPTIONS
Access-Control-Allow-Origin:*
- Response Headers Configuration:
- Confluence added to the whitelist: Yes
- Expression: Confluence (http://confluence.mydomain.com)
- Type: Application Link
- Allow Incoming: True
Confluence Configuration
- Confluence Version: 5.8.8
- Url: http://confluence.mydomain.com
- Running Apache in front (proxy): Yes
- Response Headers Configuration:
Access-Control-Allow-Origin:*
- Response Headers Configuration:
- JIRA added to the whitelist: Yes
- Expression: Confluence (http://jira.mydomain.com)
- Type: Application Link
- Allow Incoming: True
Tested with browsers:
- Chrome (latest)
- Safari (latest)
- Firefox (latest)
Testing preflight request (OPTIONS) with CURL:
ismar.slomic$ curl -X OPTIONS "http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)" -v
* Trying 10.107.1.24...
* Connected to jira.mydomain.com (127.0.0.1) port 80 (#0)
> OPTIONS /rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45) HTTP/1.1
> Host: jira.mydomain.com
> User-Agent: curl/7.43.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host jira.mydomain.com left intact
curl: (52) Empty reply from server
This seems to be positive response.
Testing preflight request (OPTIONS) with Crome extention Postman:
OPTIONS http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)
Response error: Could not get any response. This seems to be like an error connecting to http://jira.mydomain.com/rest/api/latest/search/?issue%20in%20linkedIssues(SR-45)
回答1:
Little bit late to answer this, but I'll leave it here for reference.
In my macro I solved this problem the other way around. Instead of sending a direct request to the JIRA server I used an API exposed by the Confluence server to proxy my JIRA request to the linked JIRA instance.
I described this endpoint in another answer. Using this method you don't break the cross-origin policy. In fact this is what JIRA Issues and JIRA Chart macros use to render their widgets. Quote:
JIRA Proxy
Another nice endpoint is
/plugins/servlet/applinks/proxy
. It allows forwarding simple REST requests to the linked JIRA instances. For example/plugins/servlet/applinks/proxy?appId={INSERT APPLINK ID HERE}&path=%2Frest%2Fapi%2F2%2Fsearch
will call JIRA's issue search REST endpoint and list issues available to the user (as in JIRA search). By "simple request" I mean that only GET and POST HTTP methods are supported in the current version (with POST limited toapplication/xml
andmultipart/form-data
content types). The servlet supports both query-string and HTTP-header parameters. Check out the source of the servlet in plugin's source to get more info as I haven't found any online documentation for it.Using this servlet you can get the projects list as well by requesting
/plugins/servlet/applinks/proxy?appId={INSERT APPLINK ID HERE}&path=%2Frest%2Fapi%2F2%2Fproject
Servlets's path in the repo is
confluence-jira-plugin/src/main/java/com/atlassian/confluence/plugins/jira/AppLinksProxyRequestServlet.java
, but most of the important stuff is in its base classconfluence-jira-plugin/src/main/java/com/atlassian/confluence/plugins/jira/AbstractProxyServlet.java
-- confluence REST API request while not being admin ends in 401 error
This approach requires JIRA and Confluence instances to be connected through an Application Link though. But I assume you have admin access to both JIRA and Confluence as you are investigating changing the origin policies so it shouldn't be a blocker for you.
来源:https://stackoverflow.com/questions/33742949/enable-cors-in-jira-rest-api