I am writing an Outlook Add-in and I am trying to make a fetch request to Jira. However, I am running into what I think is a CORS issue and I'm not sure how to get around it.

The error message says:

"[blocked] The page at https://localhost:3000/index.html?_host_Info=Outlook$Mac$16.02$en-US was not allowed to display insecure content from http://mysite.atlassian.net/rest/api/2/myself."

Is there any way to make a fetch request from an Outlook Add-in to get around CORS?

My add-in is just a react based front-end app and the fetch request requires basic authentication which works fine in postman (which of course is outside the browser but outlook add-ins run in a browser component).

When making calls outside the domain your add-in is hosted in, you need to specify those domains in your add-in's manifest:

<AppDomains>
    <AppDomain>http://mysite.atlassian.net/</AppDomain>
    <AppDomain>https://mysite.atlassian.net/</AppDomain>
</AppDomains>