Hi,
I'm developing a JIRA plugin using atlassian-connect-express that needs data from an external server.
The external REST API forces me to add a cookie with the JSESSIONID I get from their server to the header and I also have to add an additional header to the REST API call. Is this possible with AP.require? I tried the following code but it does not work:
AP.require("cookie", function(cookie){ cookie.save('JSESSIONID', jsess, 1); AP.require(['request'], function(request) { request({ url: // external API call with redirect, headers: { "Cookie": 'JSESSIONID=' + jsess, "additional-header" : token, "Access-Control-Allow-Origin" : 'https://myplugin.atlassian.net', "Access-Control-Allow-Credentials" : true, "Origin": 'https://myplugin.atlassian.net' }, xhrFields: { withCredentials:true }, type: 'GET', success: function (data) { console.log("Success"); console.log(data); }, error: function (data) { console.log("Error"); console.log(data); } }); });
I get the following error message: "XMLHttpRequest cannot load 'url of external API'. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://myplugin.atlassian.net' is therefore not allowed access." without CORS enabled
and
"XMLHttpRequest cannot load 'url of external API'. The request was redirected to 'redirect url', which is disallowed for cross-origin requests that require preflight." with CORS enabled.
If I do not specify the redirect parameter, the cookie is not used (returns the html of the login page). How can I store the cookie and add the additional header on the client side?
Best regards,
Marie
Community moderators have prevented the ability to post new answers.
You cannot use AP.request to load an external resource, AP.request runs the AJAX in the host product and allowing arbitrary sources would be a security violation. Additionally AP.request doesn't allow you to add headers to a request for the same reason. You can call whatever resource you like from within your add-on's iframe. Also, the Access-Control headers need to be sent from the 3rd party server, it doesn't make sense to set them on a request. I.e. use $.get rather than AP.request.
Unfortunately it is not possible to change the Cookie header with jquery. Right now I'm trying to use my server as a kind of proxy but I get a "403 Forbidden" response in my Javascript console. My hbs file contains:
AP.require(['request'], function(request) { request({ url: '/getdirectory', type: 'GET', success: function(data) { console.log("GET success"); console.log(data); }, error: function(data) { console.log("GET error"); console.log(data); } }); });
and the index.js:
app.get('/getdirectory', addon.authenticate(), function(req,resorg){ var httpClient = addon.httpClient(req); var url = // external REST API console.log("TEST DIRECTORY!"); httpClient.post({ url: url, headers: { 'Cookie': 'JSESSIONID=' + jsessionid, additional_header : token}}, function(err1, res1, body1) { console.log(body1); resorg.setHeader('Content-Type', 'application/json'); resorg.send(JSON.stringify(body1)); }); });
Is it possible to call some function in the index.js like this?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I'm not sure if I was clear enough. AP.request is a proxy for loading REST APIs on the host product e.g. Confluence, JIRA &c. only. If you want to load '/getdirectory' from your server you need to do it directly from your iframe back to your server: `$.get('/getdirectory')`. You can only manipulate cookies on the same domain your script comes from. Also, your server will need to set the the appropriate Access-Control headers as your script is running in an iframe.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks @Mike Staas do you know if it is possible to request an atlassian-connect call using the "AP.cookies" method ?
Does that make sense ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Can you explain what you are trying to do a bit further please?
Cheers
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi @Mike Staas many thanks for your response.
I wanted to do this 'How to send a signed HTTP request from the iframe back to the add-on service' and I found the answer here
https://bitbucket.org/atlassian/atlassian-connect-express/src/master/ .
Thanks again,
Evangelos
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.