Enable CORS in JIRA REST API

Published 2019-02-12 16:55

Question:

I'm calling the JIRA REST API from JavaScript in a Confluence User Macro and I'm facing CORS issues because JIRA and Confluence are on two different domains and the preflight request from the browser is failing. I have tried several CORS solutions as described below, without any success. So I'm begging for some input from others who have probably solved this issue.

JavaScript snippet that is failing:

AJS.$.ajax({
    type: "GET",
    url: "http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)",
    dataType: "json",
    contentType: "application/json",
    async: false
});

Error message (from Firefox):

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45). This can be fixed by moving the resource to the same domain or enabling CORS.

JIRA Configuration

  • JIRA Version: 6.4.12
  • Url: http://jira.mydomain.com
  • Running Apache in front (proxy): Yes
    • Response Headers Configuration:
      • Access-Control-Allow-Headers:origin, content-type, accept
      • Access-Control-Allow-Methods:POST, GET, OPTIONS
      • Access-Control-Allow-Origin:*
  • Confluence added to the whitelist: Yes
    • Expression: Confluence (http://confluence.mydomain.com)
    • Type: Application Link
    • Allow Incoming: True

Confluence Configuration

  • Confluence Version: 5.8.8
  • Url: http://confluence.mydomain.com
  • Running Apache in front (proxy): Yes
    • Response Headers Configuration:
      • Access-Control-Allow-Origin:*
  • JIRA added to the whitelist: Yes
    • Expression: Confluence (http://jira.mydomain.com)
    • Type: Application Link
    • Allow Incoming: True

Tested with browsers:

  • Chrome (latest)
  • Safari (latest)
  • Firefox (latest)

Testing preflight request (OPTIONS) with CURL:

ismar.slomic$ curl -X OPTIONS "http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)" -v
*   Trying 10.107.1.24...
* Connected to jira.mydomain.com (127.0.0.1) port 80 (#0)
> OPTIONS /rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45) HTTP/1.1
> Host: jira.mydomain.com
> User-Agent: curl/7.43.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host jira.mydomain.com left intact
curl: (52) Empty reply from server

This seems to be a positive response.

Testing preflight request (OPTIONS) with the Chrome extension Postman:

OPTIONS http://jira.mydomain.com/rest/api/latest/search/?jql=issue%20in%20linkedIssues(SR-45)

Response error: Could not get any response. This seems to be like an error connecting to http://jira.mydomain.com/rest/api/latest/search/?issue%20in%20linkedIssues(SR-45)
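
Added example (not part of the original question): a simplified version of the browser's preflight check, run against the response headers listed under "JIRA Configuration" above. The 200 status, the credentialed request and the explicit-origin configuration are constructed assumptions, and `checkPreflight` is a hypothetical helper name.

```javascript
// Added example, simplified from the Fetch standard's preflight checks.
const SAFE_METHODS = ["GET", "HEAD", "POST"];
const split = v => (v || "").split(",").map(s => s.trim()).filter(Boolean);

// req: { origin, method, headers: [non-safelisted names], credentials: boolean }
// res: { status, headers: { "lower-case-name": value } }
function checkPreflight(req, res) {
  if (res.status < 200 || res.status > 299) return "fail: preflight status is not 2xx";
  const h = res.headers;
  const acao = h["access-control-allow-origin"];
  if (!acao) return "fail: no Access-Control-Allow-Origin";
  if (req.credentials) { // with credentials, "*" is never treated as a wildcard
    if (acao !== req.origin) return "fail: credentialed request needs the exact origin";
    if (h["access-control-allow-credentials"] !== "true") return "fail: Access-Control-Allow-Credentials is not true";
  } else if (acao !== "*" && acao !== req.origin) {
    return "fail: origin not allowed";
  }
  const star = list => !req.credentials && list.includes("*");
  const methods = split(h["access-control-allow-methods"]);
  if (!SAFE_METHODS.includes(req.method) && !methods.includes(req.method) && !star(methods))
    return "fail: method not allowed";
  const allowed = split(h["access-control-allow-headers"]).map(s => s.toLowerCase());
  for (const name of req.headers.map(n => n.toLowerCase())) {
    const viaStar = star(allowed) && name !== "authorization";
    if (!allowed.includes(name) && !viaStar) return "fail: header not allowed: " + name;
  }
  return "pass";
}

const ORIGIN = "http://confluence.mydomain.com";
// Headers as listed under "JIRA Configuration"; the 200 status is an assumption.
const pageConfig = { status: 200, headers: {
  "access-control-allow-origin": "*",
  "access-control-allow-methods": "POST, GET, OPTIONS",
  "access-control-allow-headers": "origin, content-type, accept" } };
// Constructed variant: explicit origin plus credentials support.
const explicitConfig = { status: 200, headers: { ...pageConfig.headers,
  "access-control-allow-origin": ORIGIN, "access-control-allow-credentials": "true" } };
// The curl run returned no HTTP response; modelled here as status 0.
const emptyReply = { status: 0, headers: {} };
// contentType "application/json" makes Content-Type a non-safelisted header.
const anon = { origin: ORIGIN, method: "GET", headers: ["Content-Type"], credentials: false };
const withCookies = { ...anon, credentials: true };
const demo = () => ({
  anonOnPageConfig: checkPreflight(anon, pageConfig),
  cookiesOnPageConfig: checkPreflight(withCookies, pageConfig),
  cookiesOnExplicitConfig: checkPreflight(withCookies, explicitConfig),
  anonOnEmptyReply: checkPreflight(anon, emptyReply) });
console.log(demo());
```

A server that returns a specific origin instead of `*` should also send `Vary: Origin` so that caches do not reuse one origin's response for another.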

Answer 1:

A little bit late to answer this, but I'll leave it here for reference.

In my macro I solved this problem the other way around. Instead of sending a direct request to the JIRA server I used an API exposed by the Confluence server to proxy my JIRA request to the linked JIRA instance.

I described this endpoint in another answer. Using this method you don't break the cross-origin policy. In fact this is what JIRA Issues and JIRA Chart macros use to render their widgets.

This approach requires the JIRA and Confluence instances to be connected through an Application Link, though. But I assume you have admin access to both JIRA and Confluence, as you are investigating changing the origin policies, so it shouldn't be a blocker for you.