Tuleap - REST API with Cross-Origin Resource Sharing
I have a question regarding the Tuleap REST API when used with CORS.
Basically, I'm trying to make a REST call to see the backlog of my project.
Referring to the API Explorer, to do so I need to do a GET call like this: /api/projects/{id}/backlog I also need to add the custom headers X-Auth-Token and X-Auth-UserId to ensure the authentication.
When I do this request with a HTTP Request tool (Poster for Firefox) everything works fine and I get status 200.
The problem now is that I'm trying to develop an application (in angularJS) that would do the same request.
I noticed that when the page is doing the request, it starts by doing a preflight OPTIONS request which is due to the Cross-Origin-Ressource-Sharing.
It seems like the X-Auth-Token and X-Auth-UserId header are being put in the Access-Control-Request-Headers. Because of that I get an unauthorized 401 response code from the server and I can't complete the request.
I've been looking online and couldn't find my answer as how to make this call work.
There was a recent contribution that should remove the need for authentication on all OPTIONS routes in order to enable the preflight: http://gerrit.tuleap.net/#/c/2642/ It was Integrated in Tuleap 7.2.99.36 Either your version of Tuleap is too old or there is a bug.
Note all calls still require some headers such as "Content-Type: application/json"; the integration tests should provide good examples of how to make calls:
and
- REST API design: one endpoint with if/else logic or two separate role based endpoints
- My Component in React JS application don't read the Headers from REST-Api - Headers is Empty
- {"the request was aborted: the connection was closed unexpectedly."}. I got this message when all api in for loop
- HTTP Status Code for Resource not yet available
- LinkedIn Rich Media Shares API error 'Not enough permissions to access media resource'
- Why i can access dahsboard even when my login fail?
- What’s the best RESTful method to return total number of items in an object?
- Is it still possible to use the NASA Insights API for Mars weather?
- JavaScript API Response - if clause for 'null' response
- User's password update via WordPress REST API
- Is it ok to create entity in GET REST controller method with name getOrCreateIfNotExist?
- How to get LinkedIn access token in iOS to call API?
- UPS OAuth2.0 Access token request with SQL in RPG-Program "Invalid/Missing Authorization Header" with BASE64ENCODE
- Representing a neural network as a resource JSON for API?
- Making a MultiPart Put request via Spring Rest to call a API with formData (Replace Apache MultipartEntityBuilder with REST)
- Django REST Framework: adding additional field to ModelSerializer
- Mocking RestClient using Mockito
- Which is easy to use Afnetworking/Nsurlsession/Alamofire
- Spring RestTemplate POST Query with Headers and Body
- Spring controller that accepts both MultipartFile and also a JSON Object
- How to make https request and encrypt POST parameters?
- Why is FedEx API returning encoded characters?
- Why does the Laravel API return a 419 status code on POST and PUT methods?
- CORS error in node express REST API (PATCH Request)
- No connection could be made because the target machine actively refused it 127.0.0.1:3446
- Confused with Codable
- RESTful API Create - should it return conflict if exist, or be idempotent and return 200 if values are the same?
- JFrog REST API to Export the X-ray SBOM report
- How should I pass multiple parameters to an ASP.Net Web API GET?
- Does a predefined mediator exist for REST-to-SOAP or SOAP-to-REST mediation?