Unable to resolve the "Access-Control-Allow-Origin" issue
Ajay Garg
ajaygargnsit at gmail.com
Thu Apr 13 14:50:15 UTC 2017
Strange, but rebooting the machine caused the credentials-popup to be
seen again :-|
Sorry for the noise here.
There has been some progress, but still get a "CORS preflight did not
succeed error".
Following is what I am doing.
a)
Following is the server-block in /etc/nginx/conf.d/default.conf ::
##########################################################################
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
add_header 'Access-Control-Max-Age' 1728000 'always';
add_header 'Access-Control-Allow-Origin' $http_origin 'always';
add_header 'Access-Control-Allow-Credentials' 'true' 'always';
add_header 'Access-Control-Allow-Methods' 'GET, POST,
OPTIONS' 'always';
add_header 'Access-Control-Allow-Headers'
'DNT,Access-Control-Allow-Origin,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'
'always';
location / {
auth_basic 'Restricted';
auth_basic_user_file /etc/nginx/ssl/.htpasswd;
proxy_set_header 'Access-Control-Max-Age' 1728000;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header
'Access-Control-Allow-Credentials' 'true';
proxy_set_header
'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
proxy_set_header
'Access-Control-Allow-Headers'
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
proxy_pass
$forwarded_protocol://127.0.0.1:$forwarded_port;
}
}
##########################################################################
b)
Firing the following html from firefox (sensitive information changed) ::
##########################################################################
<html>
<body>
<script type="text/javascript">
var data = null;
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === 4) {
console.log(this.responseText);
}
});
xhr.open("GET", "https://1.2.3.4/");
xhr.setRequestHeader("authorization", "Basic abcdefg");
xhr.setRequestHeader("cache-control", "no-cache");
xhr.send(data);
</script>
</body>
</html>
##########################################################################
Following is received in the firebug-console (sensitive information changed) ::
##########################################################################
GET https://23.253.207.208/
uff.html (line 19)
Headers
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate, br
Accept-Language en-US,en;q=0.5
Authorization Basic abcdefg
Cache-Control no-cache
Host 1.2.3.4
Origin null
User-Agent Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:47.0)
Gecko/20100101 Firefox/47.0
Cross-Origin Request Blocked: The Same Origin Policy disallows reading
the remote resource at https://1.2.3.4/. (Reason: CORS preflight
channel did not succeed).
##########################################################################
I am beginning to believe that I am close to solving the issue (of
course all credit to tremendous help from this list).
I will be grateful for the last bit of help being received by the
really helpful experts here..
Sorry again for the noise in my previous email.
Thanks and Regards,
Ajay
More information about the nginx
mailing list