Unable to resolve the "Access-Control-Allow-Origin" issue

Richard Stanway r1ch+nginx at teamliquid.net
Thu Apr 13 17:37:01 UTC 2017 

You're missing the "Authorization" header in
your Access-Control-Allow-Headers directive.

You can alternatively pass the basic auth in your URI, eg xhr.open("GET", "
https://username:password@1.2.3.4/") rather than crafting it manually.

On Thu, Apr 13, 2017 at 4:50 PM, Ajay Garg <ajaygargnsit at gmail.com> wrote:

> Strange, but rebooting the machine caused the credentials-popup to be
> seen again :-|
> Sorry for the noise here.
>
> There has been some progress, but still get a "CORS preflight did not
> succeed error".
> Following is what I am doing.
>
>
> a)
> Following is the server-block in /etc/nginx/conf.d/default.conf ::
>
> ##########################################################################
> server {
>
>                 listen 443 ssl;
>
>                 ssl_certificate /etc/nginx/ssl/nginx.crt;
>                 ssl_certificate_key /etc/nginx/ssl/nginx.key;
>
>                 add_header 'Access-Control-Max-Age' 1728000 'always';
>                 add_header 'Access-Control-Allow-Origin' $http_origin
> 'always';
>                 add_header 'Access-Control-Allow-Credentials' 'true'
> 'always';
>                 add_header 'Access-Control-Allow-Methods' 'GET, POST,
> OPTIONS' 'always';
>                 add_header 'Access-Control-Allow-Headers'
> 'DNT,Access-Control-Allow-Origin,X-CustomHeader,Keep-
> Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-
> Control,Content-Type'
> 'always';
>
>                 location / {
>
>                         auth_basic 'Restricted';
>                         auth_basic_user_file /etc/nginx/ssl/.htpasswd;
>
>                         proxy_set_header 'Access-Control-Max-Age' 1728000;
>                         proxy_set_header 'Access-Control-Allow-Origin' '*';
>                         proxy_set_header
> 'Access-Control-Allow-Credentials' 'true';
>                         proxy_set_header
> 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
>                         proxy_set_header
> 'Access-Control-Allow-Headers'
> 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-
> With,If-Modified-Since,Cache-Control,Content-Type';
>
>                         proxy_pass
> $forwarded_protocol://127.0.0.1:$forwarded_port;
>
>                 }
>         }
> ##########################################################################
>
>
>
>
> b)
> Firing the following html from firefox (sensitive information changed) ::
>
> ##########################################################################
> <html>
> <body>
> <script type="text/javascript">
> var data = null;
>
> var xhr = new XMLHttpRequest();
> xhr.withCredentials = true;
>
> xhr.addEventListener("readystatechange", function () {
>       if (this.readyState === 4) {
>               console.log(this.responseText);
>                 }
> });
>
> xhr.open("GET", "https://1.2.3.4/");
> xhr.setRequestHeader("authorization", "Basic abcdefg");
> xhr.setRequestHeader("cache-control", "no-cache");
>
> xhr.send(data);
> </script>
> </body>
> </html>
> ##########################################################################
>
>
>
> Following is received in the firebug-console (sensitive information
> changed) ::
>
> ##########################################################################
> GET https://23.253.207.208/
> uff.html (line 19)
> Headers
>
> Accept
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Encoding   gzip, deflate, br
> Accept-Language   en-US,en;q=0.5
> Authorization         Basic abcdefg
> Cache-Control       no-cache
> Host                     1.2.3.4
> Origin                    null
> User-Agent            Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:47.0)
> Gecko/20100101 Firefox/47.0
>
>
> Cross-Origin Request Blocked: The Same Origin Policy disallows reading
> the remote resource at https://1.2.3.4/. (Reason: CORS preflight
> channel did not succeed).
> ##########################################################################
>
>
> I am beginning to believe that I am close to solving the issue (of
> course all credit to tremendous help from this list).
> I will be grateful for the last bit of help being received by the
> really helpful experts here..
>
> Sorry again for the noise in my previous email.
>
>
> Thanks and Regards,
> Ajay
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170413/30df2e7b/attachment-0001.html>

More information about the nginx mailing list