
Setting cookie in AP.request for external API call

Marie Ritter August 10, 2016

Hi,

I'm developing a JIRA plugin using atlassian-connect-express that needs data from an external server.

The external REST API forces me to add a cookie with the JSESSIONID I get from their server to the header and I also have to add an additional header to the REST API call. Is this possible with AP.require? I tried the following code but it does not work:

AP.require("cookie", function(cookie){
    cookie.save('JSESSIONID', jsess, 1);

    AP.require(['request'], function(request) {
        request({
            url: externalApiUrl, // placeholder: external API call with redirect
            headers: {
                "Cookie": 'JSESSIONID=' + jsess,
                "additional-header": token,
                "Access-Control-Allow-Origin": 'https://myplugin.atlassian.net',
                "Access-Control-Allow-Credentials": true,
                "Origin": 'https://myplugin.atlassian.net'
            },
            xhrFields: { withCredentials: true },
            type: 'GET',
            success: function (data) {
                console.log("Success");
                console.log(data);
            },
            error: function (data) {
                console.log("Error");
                console.log(data);
            }
        });
    });
});

I get the following error message: "XMLHttpRequest cannot load 'url of external API'. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://myplugin.atlassian.net' is therefore not allowed access." without CORS enabled

and

"XMLHttpRequest cannot load 'url of external API'. The request was redirected to 'redirect url', which is disallowed for cross-origin requests that require preflight." with CORS enabled.

 

If I do not specify the redirect parameter, the cookie is not used (returns the html of the login page). How can I store the cookie and add the additional header on the client side?

Best regards, 

Marie

2 answers


2 votes
Answer accepted
Mike Staas
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 10, 2016

You cannot use AP.request to load an external resource: AP.request runs the AJAX in the host product, and allowing arbitrary sources would be a security violation. Additionally, AP.request doesn't allow you to add headers to a request for the same reason. You can call whatever resource you like from within your add-on's iframe. Also, the Access-Control headers need to be sent from the 3rd party server; it doesn't make sense to set them on a request. I.e. use $.get rather than AP.request.

Marie Ritter August 11, 2016

Unfortunately it is not possible to change the Cookie header with jQuery. Right now I'm trying to use my server as a kind of proxy but I get a "403 Forbidden" response in my JavaScript console. My hbs file contains:

AP.require(['request'], function(request) {
    request({
        url: '/getdirectory',
        type: 'GET',
        success: function(data) {
            console.log("GET success");
            console.log(data);
        }, error: function(data) {
            console.log("GET error");
            console.log(data);
        }
    });
});

and the index.js:

app.get('/getdirectory', addon.authenticate(), function(req,resorg){
    var httpClient = addon.httpClient(req);

    var url = externalApiUrl; // placeholder: external REST API

    console.log("TEST DIRECTORY!");

    httpClient.post({ url: url, headers: { 'Cookie': 'JSESSIONID=' + jsessionid, additional_header : token}}, function(err1, res1, body1) {
        console.log(body1);
        resorg.setHeader('Content-Type', 'application/json');
        resorg.send(JSON.stringify(body1));
    });
});

Is it possible to call some function in the index.js like this?

Mike Staas
Atlassian Team
August 11, 2016

I'm not sure if I was clear enough. AP.request is a proxy for loading REST APIs on the host product e.g. Confluence, JIRA &c. only. If you want to load '/getdirectory' from your server you need to do it directly from your iframe back to your server: `$.get('/getdirectory')`. You can only manipulate cookies on the same domain your script comes from. Also, your server will need to set the appropriate Access-Control headers as your script is running in an iframe.

Marie Ritter August 15, 2016

@Michael Staas Thanks for your clarification, now I understand.
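
The server-side proxy approach discussed in this thread, as an added example that is not part of the original posts or of atlassian-connect-express: the add-on server attaches the JSESSIONID cookie and the extra header itself, so the iframe only ever calls its own origin. The upstream host, the allow-list and the function names are assumptions, and `fetch` is the Node 18+ global.

```javascript
// Added example: UPSTREAM_ORIGIN, ALLOWED_PATHS, buildUpstreamRequest and proxyGet
// are hypothetical names, not part of atlassian-connect-express.
const UPSTREAM_ORIGIN = 'https://external-api.example'; // placeholder host
const ALLOWED_PATHS = new Set(['/rest/directory']);     // routes the add-on may proxy

// Build the server-to-server request. The browser never sees or sets the cookie.
function buildUpstreamRequest(path, session) {
  if (!ALLOWED_PATHS.has(path)) {
    throw new Error('path not allowed: ' + path); // do not become an open proxy
  }
  // Reject CR/LF and separators so stored values cannot inject extra headers.
  const safe = /^[A-Za-z0-9._~+\/=-]+$/;
  if (!safe.test(session.jsessionid) || !safe.test(session.token)) {
    throw new Error('malformed credential');
  }
  return {
    url: new URL(path, UPSTREAM_ORIGIN).toString(),
    options: {
      method: 'GET',
      redirect: 'manual', // a redirect (e.g. to a login page) is handled explicitly below
      headers: {
        Cookie: 'JSESSIONID=' + session.jsessionid,
        'additional-header': session.token,
      },
    },
  };
}

// Perform the call. fetchImpl is injectable for testing; defaults to the global fetch.
async function proxyGet(path, session, fetchImpl = fetch) {
  const { url, options } = buildUpstreamRequest(path, session);
  const res = await fetchImpl(url, options);
  if (res.status >= 300 && res.status < 400) {
    // Treat a redirect as an expired upstream session instead of relaying login HTML.
    return { status: 401, body: { error: 'upstream session expired' } };
  }
  return { status: res.status, body: await res.json() };
}
```

In an Express route, call `proxyGet` after the add-on's own authentication check and relay the returned `status` and `body` to the iframe.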

0 votes
Evangelos Mantadakis September 18, 2018

Thanks @Mike Staas, do you know if it is possible to request an atlassian-connect call using the "AP.cookies" method?

Does that make sense?

Mike Staas
Atlassian Team
September 18, 2018

Can you explain what you are trying to do a bit further please?

 

Cheers

Evangelos Mantadakis September 19, 2018

Hi @Mike Staas, many thanks for your response.

I wanted to do this 'How to send a signed HTTP request from the iframe back to the add-on service' and I found the answer here:

https://bitbucket.org/atlassian/atlassian-connect-express/src/master/

Thanks again,

Evangelos
