Forgive me if this has been solved, I’ve looked through every past related question I could find and was not able to get a working solution.

I’m building a small Figma plugin using javascript to allow users to create tickets in JIRA from Figma. Since Figma effectively runs as a browser-based application, following the advice of past questions on here I am doing the request through a cors anywhere proxy (Heroku), following the advice of the first answer in a stack overflow post.

I’m using the following code and POST request to do this.

const basicAuth = buffer__WEBPACK_IMPORTED_MODULE_6__.Buffer.from(username + ‘:’ + password).toString(‘base64’);
// where password is the API token

const bodyData = { "fields": { "summary": "Main order flow broken", "issuetype": { "id": "10000" }, "project": { "id": "10000" }, "customfield_10011" : "Test" } };

fetch(https://fierce-spire-09192.herokuapp.com/https://${companyName}.atlassian.net/rest/api/3/issue, {
method: ‘POST’,
headers: {
‘Authorization’: ${basicAuth},
‘Accept’: ‘application/json’,
‘Content-Type’: ‘application/json’,
‘X-Atlassian-Token’: ‘nocheck’
},
body: bodyData
})

However, I’m getting the following error when I make the request.

POST https://fierce-spire-09192.herokuapp.com/https://flighthealthtest.atlassian.net/rest/api/3/issue 403 (Forbidden)
Response: 403 Forbidden
XSRF check failed

When I try the non-proxied URL (removing the heroku app URL from the beginning, so just "https://flighthealthtest.atlassian.net/rest/api/3/issue") in Postman and make the same POST request, it works perfectly. When I use the proxied URL in Postman, it does not work, and produces:

“Missing required request header. Must specify one of: origin,x-requested-with”.

Does anyone have ideas as to how I can resolve this? Thanks so much!