3

Please find below my code to get response from confluence rest api:

<script type="text/javascript" src="Scripts/jquery.min.js"></script>
<script>
    $.ajax({
        type: "GET",
        url: "https://blog.xxxxx.com/rest/api/content?type=blogpost&spaceKey=xxxxx&expand=space,body.view,version,container",
        contentType: "application/json; charset=utf-8",
        dataType: "jsonp",
        jsonp: 'jsonp-callback',
        async: false,
        success: function (result) {
            console.log(result);
        },
        error: function (xhr, errorText) {
            console.log('Error ' + xhr.responseText);
        }
    });
</script>

I referred this and this as reference but it did not resolve my isse. I am getting error on console Refused to execute script from 'https://blog.xxxxx.com/rest/api/content?type=blogpost&spaceKey=xxxxx&…d=space,body.view,version,container&callback=jsonpCallback&_=1413187692508' because its MIME type ('application/json') is not executable, and strict MIME type checking is enabled.

I tried with type:post, dataType:json and dataType:jsonp with jsonp: jsonp-callback. None of these worked for me.

In Network tab of chrome developer tools I am getting resposne from confluence but it does not print the same on console or on page.

If I use dataType:json, I am getting an error XMLHttpRequest cannot load https://blog.xxxxx.com/rest/api/content?type=blogpost&spaceKey=xxxxx&expand=space,body.view,version,container. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://localhost' is therefore not allowed access on chrome.

Update Adding mime type application/json for json in IIS does not work.

Updated code

$.ajax({
            type: 'GET',            
            url: 'https://blog.xxxxx.com/rest/api/content?type=blogpost&spaceKey=xxxxx&expand=space,body.view,version,container',   
            dataType: 'jsonp',
            xhrFields: {                
                withCredentials: false
            },
            headers: {
                "Accept" : "application/json; charset=utf-8",
                "Content-Type": "application/javascript; charset=utf-8",
                "Access-Control-Allow-Origin" : "*"
            },
            success: function (result) {
                $('#blog').html(result);
            },
            error: function (xhr, errorText) {
                console.log('Error ' + xhr.responseText);
            }
        });

Still getting the same error.

Response Body

results: [{id:3342352, type:blogpost, title:The stocks that are set to fly (or crash),…},…]
0: {id:3342352, type:blogpost, title:The stocks that are set to fly (or crash),…}
1: {id:3833861, type:blogpost, title:Before earnings season, it's downgrade season,…}
2: {id:3833876, type:blogpost, title:Petrobras - what goes up, must come down,…}
3: {id:3833882, type:blogpost, title:Fishing for Income in the FTSE 100,…}
4: {id:4489219, type:blogpost, title:A Ray of Light Among the Gathering German Gloom,…}
5: {id:4489234, type:blogpost, title:Insider trading falls as buybacks dominate share prices,…}
6: {id:4489241, type:blogpost, title:El Clasico: Nike vs Adidas,…}
7: {id:4489248, type:blogpost, title:Dollar uncertainty exposes investors' complacency,…}
8: {id:4489254, type:blogpost, title:Worst yet to come for the Australian miners,…}
9: {id:4489258, type:blogpost, title:Using Aggregate List Views to Find Lurking Risks,…}
size: 10
start: 0

How do I reolve the issue of MIME type ('application/json') is not executable, and strict MIME type checking is enabled in confluence rest api ???

Community
  • 1
  • 1
Valay
  • 1,991
  • 2
  • 43
  • 98
  • Possible duplicate question : http://stackoverflow.com/questions/24528211/refused-to-execute-script-from-because-its-mime-type-application-json-is – Michael Plakhov Oct 13 '14 at 09:31
  • @MichaelPlakhov - It's duplicate but the solutions given in that question does not work. And my questions is specifically for `confluence rest api`. – Valay Oct 13 '14 at 09:40
  • 1
    `contentType: "application/json; charset=utf-8"` is nonsense. You are making a GET request. There is no request body to describe the content-typeo f. – Quentin Oct 13 '14 at 10:07
  • I am experiencing the same issue. And I cannot solve it now. Continue finding a helpful answer :| – NoName Jul 04 '16 at 04:20

2 Answers2

3

https://blog.xxxxx.com/rest/api/content?type=blogpost&spaceKey=xxxxx&expand=space,body.view,version,container is returning JSON.

You are telling jQuery to read it as JSONP.

JSON and JSONP are different.

You need to either change the server to respond with JSONP or change the JavaScript to expect JSON.

No 'Access-Control-Allow-Origin' header is present on the requested resource

If you change the client to expect JSON, then you also need to change the server (blog.xxxxx.com) to provide the CORS headers that give the browser permission to ignore the Same Origin Policy.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • 1
    I can see the response in `Network` tab but not able to append it on my page. – Valay Oct 13 '14 at 10:44
  • @user3108072 — Of course. You wouldn't get the error messages you were getting if the browser wasn't getting the response. As I said, the problem is (depending on which version of your code you use) either that the data isn't in the format you are trying to parse it as or that your website isn't allowed access to the data so your browser won't let your site's JavaScript get the data. – Quentin Oct 13 '14 at 10:46
  • @user3108072 — Your JavaScript cannot give itself permission to access data from other websites! `Access-Control-Allow-Origin` is a **response** header, not a request header. The server you are asking for the data from has to supply it. – Quentin Oct 13 '14 at 10:55
  • @user3108072 — Telling the server you only accept JSON and then trying to parse whatever the response is as JSONP makes no sense at all. – Quentin Oct 13 '14 at 10:55
  • 1
    @user3108072 — You are still making a GET request. Saying that the request body is `"Content-Type": "application/javascript; charset=utf-8",` is still nonsense as you still don't *have* a request body. – Quentin Oct 13 '14 at 10:56
  • could you please let me know what should I provide at client and what changes shall I make on my server ??? – Valay Oct 13 '14 at 10:57
  • 1
    Note that while the OP is doing a lot of things wrong, this is at least in part likely a `X-Content-Type-Options: nosniff` issue. Responses served with that header cannot be be inserted into ` – apsillers Oct 13 '14 at 10:58
  • 1
    The ones I mentioned in the answer. Start by picking if you are dealing in JSON or JSONP. If you pick JSONP, then get rid of all the header stuff, and get the server to respond with JSONP. If you pick JSON, then get rid of all the client side setting of header stuff, and have the server return an access control origin header. – Quentin Oct 13 '14 at 10:59
1

I see this in Docs:

Only available on GET. The returned content type MUST be application/javascript .

Also check JSONP enabled

Michael Plakhov
  • 2,292
  • 2
  • 19
  • 21