CORS headers not being set for a 401 response from upstream.

Maxim Dounin mdounin at
Tue Jul 15 22:21:13 UTC 2014


On Tue, Jul 15, 2014 at 01:37:58PM -0400, ensing wrote:

> Thanks Maxim for the documentation link.
> I am running into a similar issue. But it is for a 504 server time out.
> I'm doing a long-poll, but it is a cross domain long poll GET request. The
> client implementation is trying to use CORS. 
> It all works fine with when the GET requests returns something. 
> But when the server times out (HTTP 504) there is no CORS header information
> on the reply and the client code treats it as:
> 'No 'Access-Control-Allow-Origin' header is present on the requested
> resource'
> Just extending the keepalive_timeout indefinitely is also not a good idea.
> So what is the recommended way to handle a 504. It seems I don't get this in
> the client side XmlHttpRequest. The exceptions occurs before.

The message in question isn't an exception.  Rather, it's an error 
message in your javascript console.  All other code works as 
intended - with the exception that it can't access the response 
returned.  From client code point of view, this is mostly 
identical to network connectivity problem.  And you have to handle 
such problems anyway (and likely in the same way).  In javascript, 
the code should test the "status" property of the XMLHttpRequest 
object to find out if the request was successful or not, see here:

Maxim Dounin

More information about the nginx mailing list