Tuleap - REST API with Cross-Origin Resource Sharing
I have a question regarding the Tuleap REST API when used with CORS.
Basically, I'm trying to make a REST call to see the backlog of my project.
Referring to the API Explorer, to do so I need to do a GET call like this: /api/projects/{id}/backlog I also need to add the custom headers X-Auth-Token and X-Auth-UserId to ensure the authentication.
When I do this request with a HTTP Request tool (Poster for Firefox) everything works fine and I get status 200.
The problem now is that I'm trying to develop an application (in angularJS) that would do the same request.
I noticed that when the page is doing the request, it starts by doing a preflight OPTIONS request which is due to the Cross-Origin-Ressource-Sharing.
It seems like the X-Auth-Token and X-Auth-UserId header are being put in the Access-Control-Request-Headers. Because of that I get an unauthorized 401 response code from the server and I can't complete the request.
I've been looking online and couldn't find my answer as how to make this call work.
There was a recent contribution that should remove the need for authentication on all OPTIONS routes in order to enable the preflight: http://gerrit.tuleap.net/#/c/2642/ It was Integrated in Tuleap 7.2.99.36 Either your version of Tuleap is too old or there is a bug.
Note all calls still require some headers such as "Content-Type: application/json"; the integration tests should provide good examples of how to make calls:
and
- Spring MVC @RequestParam a list of objects
- why 'PrimitiveValue' or 'StartObject' node was expected error
- Upload file to SharePoint using REST API
- Overlapping method route | Rust axum (utoipa)
- May sec-fetch-dest header be used to distinguish REST requests from other browser HTTP requests?
- Swift (Xcode) REST API Connection using OAuth 1
- REST API Authentication
- FastAPI conflict path parameter in endpoint - good practices?
- Netsuite REST API for cross-subsidiary item fulfillment
- Spring Boot 3: Exclude REST Endpoints from Authorization
- How to make a large file accessible to external APIs?
- Disable default routes of WP REST API
- How to set the Content-Type header for an HttpClient request?
- "Content type 'application/json;charset=UTF-8' not supported" in Spring Rest application
- ConnectWise API getting Invalid Token response
- 403 Forbidden when introducing authorization on spring boot rest
- Using EU VIES REST Service to check VAT Number
- How do I handle plain text HTTP Get response in Golang?
- Jax-rs apache-cxf:No resource methods have been found for resource class
- How get a list with all items beginning with request param from optional stream
- Is it okay to use an HTTP DELETE to deactivate a record?
- how to update dynamodb with pynamodb ORM?
- How to optimize performance and reduce load while designing a RESTful API for displaying related and sibling objects?
- Java Spring: Unsupported Media Type with x-www-form-urlencoded body
- When to use HTTP status code 425 "Too Early"
- How to upload files and attachments to the sobject record using REST API?
- Service Oriented Architecture suggestions
- How to post JSON data to FastAPI and retrieve the JSON data inside the endpoint?
- Polar Accesslink API 403
- How to add multiple headers to RestClient for Spring Boot 3.2