xvrh / atlassian_apis

https://pub.dev/packages/atlassian_apis
MIT License

XSRF check failed for POST Endpoints? #42

Open ObserverMoment opened 7 months ago

ObserverMoment commented 7 months ago

Hello!

I am trying to create an issue from a Flutter Web app via the /issue endpoint, but I always get a 403 "XSRF check failed" error response.

https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issues/#api-rest-api-3-issue-post

Request URL: https://iaido.atlassian.net/rest/api/3/issue
Request Method: POST
Status Code: 403 Forbidden
Remote Address: 185.166.141.1:443
Referrer Policy: strict-origin-when-cross-origin

What is the correct way to set this up so that we can access the api from our local build?

Permissions and correct fields for the create issue call have been validated via:

https://iaido.atlassian.net/rest/api/3/issue/createmeta?projectKeys=IAM2&issuetypeIds=10007&expand=projects.issuetypes.fields

and

https://iaido.atlassian.net/rest/api/3/mypermissions?permissions=CREATE_ISSUES

The same call with the same headers and body works via curl...

curl --request POST \
  --url 'https://[ourdomain].atlassian.net/rest/api/3/issue' \
  --header 'Authorization: Basic xxxx' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{ "fields": ... }'

Any help would be very much appreciated.

Thanks,

Rich

xvrh commented 7 months ago

I think this is because of this: https://confluence.atlassian.com/kb/cross-site-request-forgery-csrf-protection-changes-in-atlassian-rest-779294918.html

And you have to allow your domain in the allowlist: https://confluence.atlassian.com/adminjiraserver073/configuring-the-allowlist-1014667631.html

Hope that helps.

ObserverMoment commented 7 months ago

Hi @xvrh, the first link does seem to be the reason, but the second link looks to be for Jira Server, rather than Jira Cloud.

Have you had this package up and running in a local dev environment before, using Jira Cloud as per the readme, etc.?

Thanks,

Rich

xvrh commented 7 months ago

I use this package in mobile apps and backend apps (and it works well).

But I never used this package in a web app. I don't even know if the Cloud REST API is supposed to work from a web page (CORS restrictions, OAuth, security, etc.).

I'm sure IF the REST API can work in a web app (i.e. if you find an example online with calls from JavaScript), then you'll be able to make it work with this package too.

Good luck.
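
The curl call in the question and the backend use described in the last comment both reach Jira from outside a browser. As an added example (not part of the thread and not code from atlassian_apis), this Node.js relay builds the same request the curl command sends, on a server that holds the credential, and forwards only the create-issue call. The function names, the `cfg` fields and the email-plus-API-token form of the Basic credential are assumptions.

```javascript
// Added example; not code from the thread or from atlassian_apis.
// Assumed names: ALLOWED, buildUpstreamRequest, relay and the cfg fields.
const ALLOWED = new Set(['POST /rest/api/3/issue']); // the one call the web app needs

// Build the request the curl command sends. incoming = { method, path, body }.
// No header from the browser is copied, so only the three curl headers go out.
function buildUpstreamRequest(incoming, cfg) {
  const method = String(incoming.method || '').toUpperCase();
  const base = new URL(cfg.site);
  const target = new URL(incoming.path, base);
  // Refuse paths that leave the site or the allowlist, and any query string.
  if (target.origin !== base.origin || target.search !== '' ||
      !ALLOWED.has(`${method} ${target.pathname}`)) {
    return { ok: false, status: 403, reason: 'endpoint not allowed' };
  }
  let fields;
  try {
    fields = JSON.parse(incoming.body).fields;
  } catch {
    return { ok: false, status: 400, reason: 'body is not a JSON object' };
  }
  if (fields === null || typeof fields !== 'object' || Array.isArray(fields)) {
    return { ok: false, status: 400, reason: 'missing "fields" object' };
  }
  // Assumption: the Basic credential is base64("email:api-token").
  const basic = Buffer.from(`${cfg.email}:${cfg.apiToken}`).toString('base64');
  return {
    ok: true,
    url: target.href,
    init: {
      method,
      headers: {
        Authorization: `Basic ${basic}`, // held server-side, never shipped to the client
        Accept: 'application/json',
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({ fields }), // forward only the "fields" object
    },
  };
}

// Send it with Node's built-in fetch (Node 18+); return Jira's status and body.
async function relay(incoming, cfg) {
  const req = buildUpstreamRequest(incoming, cfg);
  if (!req.ok) return { status: req.status, body: JSON.stringify({ error: req.reason }) };
  const res = await fetch(req.url, req.init);
  return { status: res.status, body: await res.text() };
}
```

The web app then posts its issue JSON to an endpoint of your own that calls `relay`, and that endpoint needs its own authentication so the relay is not open to anyone who can reach it.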