CORS error when accessing Miro API from Web-plugin

  • 12 January 2021
  • 2 replies

Hi all!

I have an issue with CORS when accessing the Rest API from within a Web-plugin. As explained here, it is very easy to get a Rest Authorization Token to execute API calls from the miro SDK. However, when attempting to get a REST resource (I was getting /v1/boards/{id}/user-connections), I get a CORS exception because I call the API from the domain of my plugin. (which of course runs inside


My understanding is that the only workaround is to make the call to the API from a server and not the browser, which would require my plugin to require a server, which has a big complexity addition - it would be much simpler if it could continue to be hosted as a static website on GitHub Pages.


So my question:

  1. Is there a way that I am not aware of to circumvent this problem (other than hosting a server)?
  2. If there is not, would it be possible to set the Access-Control-Allow-Origin header on requests to * (or potentially more safe to a list of addresses that could be configured on the board or plugin?)



Error Message:
Access to fetch at '' from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.



Best answer by Thor Mitchell 12 January 2021, 18:47

View original

2 replies

Hi Thor

thanks a lot for the fast reply! Makes total sense - I will be looking forward to the improvements.

TO your question: I am writing a plugin for codeBeamer ALM by Intland, which is a tool we are using at my company. The plugin is very similar to the Jira Plugin that you are offering. (I will be submitting the Plugin to you guys to host on the store as soon as I am happy with it for an MVP version :) )

I want to synchronize “Assigned User” information between codeBeamer and Miro. For that, I need to map users, which I was attempting to do by email (the best match, I guess). For that, I need the email addresses of all members of the board (and I believe in addition all members of the owning team, if the team is granted access to the board as they are not listed as members of the board directly). In any case, none of these are available from the SDK (to my knowledge).

I think as an intermediate solution, I will build a cache of user-mappings based on the login-information that users provide when they configure my plugin on any given board. This requires every user to enter and store their codeBeamer username (at least) on the settings of my plugin (I store that mapping board-specific on the metadata of a special widget on the board). While that is not ideal (because it requires every user to tell Miro their codeBeamer account name), it will do the job, I believe.

Let me know if you want to know more - happy to schedule a call as well.

Best regards


Userlevel 2

Hi Max,

Thanks for highlighting this issue. There is unfortunately no simple workaround right now. As you suggest, you do need to proxy requests through a backend service at this time. We have updated the documentation you referenced to make that clear. Apologies for the confusion.

We do hope to address this in future, but there are some improvements that we need to make to how tokens are managed before we feel comfortable encouraging direct REST API queries from client side browser apps.

Out of curiosity, what are the capabilities of the REST APIs that you need to utilise that are not currently available in the Web SDK?

Many thanks,