<div dir="ltr">You're missing the "Authorization" header in your Access-Control-Allow-Headers directive.<div><br></div><div>You can alternatively pass the basic auth in your URI, eg xhr.open("GET", "<a href="https://username:password@1.2.3.4/">https://username:password@1.2.3.4/</a>") rather than crafting it manually.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 13, 2017 at 4:50 PM, Ajay Garg <span dir="ltr"><<a href="mailto:ajaygargnsit@gmail.com" target="_blank">ajaygargnsit@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Strange, but rebooting the machine caused the credentials-popup to be<br>
seen again :-|<br>
Sorry for the noise here.<br>
<br>
There has been some progress, but still get a "CORS preflight did not<br>
succeed error".<br>
Following is what I am doing.<br>
<br>
<br>
a)<br>
Following is the server-block in /etc/nginx/conf.d/default.conf ::<br>
<br>
##############################<wbr>##############################<wbr>##############<br>
<span class="">server {<br>
<br>
                listen 443 ssl;<br>
<br>
                ssl_certificate /etc/nginx/ssl/nginx.crt;<br>
                ssl_certificate_key /etc/nginx/ssl/nginx.key;<br>
<br>
</span>                add_header 'Access-Control-Max-Age' 1728000 'always';<br>
                add_header 'Access-Control-Allow-Origin' $http_origin 'always';<br>
                add_header 'Access-Control-Allow-<wbr>Credentials' 'true' 'always';<br>
<span class="">                add_header 'Access-Control-Allow-Methods' 'GET, POST,<br>
OPTIONS' 'always';<br>
</span><span class="">                add_header 'Access-Control-Allow-Headers'<br>
'DNT,Access-Control-Allow-<wbr>Origin,X-CustomHeader,Keep-<wbr>Alive,User-Agent,X-Requested-<wbr>With,If-Modified-Since,Cache-<wbr>Control,Content-Type'<br>
'always';<br>
<br>
                location / {<br>
<br>
</span><span class="">                        auth_basic 'Restricted';<br>
                        auth_basic_user_file /etc/nginx/ssl/.htpasswd;<br>
<br>
                        proxy_set_header 'Access-Control-Max-Age' 1728000;<br>
                        proxy_set_header 'Access-Control-Allow-Origin' '*';<br>
                        proxy_set_header<br>
'Access-Control-Allow-<wbr>Credentials' 'true';<br>
                        proxy_set_header<br>
'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';<br>
                        proxy_set_header<br>
'Access-Control-Allow-Headers'<br>
'DNT,X-CustomHeader,Keep-<wbr>Alive,User-Agent,X-Requested-<wbr>With,If-Modified-Since,Cache-<wbr>Control,Content-Type';<br>
<br>
                        proxy_pass<br>
$forwarded_protocol://<a href="http://127.0.0.">127.0.0.</a><wbr>1:$forwarded_port;<br>
<br>
                }<br>
        }<br>
</span>##############################<wbr>##############################<wbr>##############<br>
<br>
<br>
<br>
<br>
b)<br>
Firing the following html from firefox (sensitive information changed) ::<br>
<br>
##############################<wbr>##############################<wbr>##############<br>
<html><br>
<body><br>
<script type="text/javascript"><br>
var data = null;<br>
<br>
var xhr = new XMLHttpRequest();<br>
xhr.withCredentials = true;<br>
<br>
xhr.addEventListener("<wbr>readystatechange", function () {<br>
      if (this.readyState === 4) {<br>
              console.log(this.responseText)<wbr>;<br>
                }<br>
});<br>
<br>
xhr.open("GET", "<a href="https://1.2.3.4/" rel="noreferrer" target="_blank">https://1.2.3.4/</a>");<br>
xhr.setRequestHeader("<wbr>authorization", "Basic abcdefg");<br>
xhr.setRequestHeader("cache-<wbr>control", "no-cache");<br>
<br>
xhr.send(data);<br>
</script><br>
</body><br>
</html><br>
##############################<wbr>##############################<wbr>##############<br>
<br>
<br>
<br>
Following is received in the firebug-console (sensitive information changed) ::<br>
<br>
##############################<wbr>##############################<wbr>##############<br>
GET <a href="https://23.253.207.208/" rel="noreferrer" target="_blank">https://23.253.207.208/</a><br>
uff.html (line 19)<br>
Headers<br>
<br>
Accept<br>
text/html,application/xhtml+<wbr>xml,application/xml;q=0.9,*/*;<wbr>q=0.8<br>
Accept-Encoding   gzip, deflate, br<br>
Accept-Language   en-US,en;q=0.5<br>
Authorization         Basic abcdefg<br>
Cache-Control       no-cache<br>
Host                     1.2.3.4<br>
Origin                    null<br>
User-Agent            Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:47.0)<br>
Gecko/20100101 Firefox/47.0<br>
<span class=""><br>
<br>
Cross-Origin Request Blocked: The Same Origin Policy disallows reading<br>
</span>the remote resource at <a href="https://1.2.3.4/" rel="noreferrer" target="_blank">https://1.2.3.4/</a>. (Reason: CORS preflight<br>
channel did not succeed).<br>
##############################<wbr>##############################<wbr>##############<br>
<br>
<br>
I am beginning to believe that I am close to solving the issue (of<br>
course all credit to tremendous help from this list).<br>
I will be grateful for the last bit of help being received by the<br>
really helpful experts here..<br>
<br>
Sorry again for the noise in my previous email.<br>
<br>
<br>
Thanks and Regards,<br>
<div class="HOEnZb"><div class="h5">Ajay<br>
______________________________<wbr>_________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a><br>
</div></div></blockquote></div><br></div>