Your are using auth_basic, so the 401 response code is not in the range
that add_header works with ("Adds the specified field to a response header
provided that the response code equals 200, 201, 204, 206, 301, 302, 303,
304, or 307."). You need to use "always" if you want to include the header
in all responses. See the documentation for more details.http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header On Wed, Apr 12, 2017 at 4:48 PM, Ajay Garg <[email protected]> wrote: > For the record, here is the server-block :: > > > ######################################################### > server { > > listen 443 ssl; > > ssl_certificate /etc/nginx/ssl/nginx.crt; > ssl_certificate_key /etc/nginx/ssl/nginx.key; > > add_header 'Access-Control-Max-Age' 1728000; > add_header 'Access-Control-Allow-Origin' $http_origin; > add_header 'Access-Control-Allow-Credentials' 'true'; > add_header 'Access-Control-Allow-Methods' 'GET, POST, > OPTIONS'; > add_header 'Access-Control-Allow-Headers' > 'DNT,Access-Control-Allow-Origin,X-CustomHeader,Keep- > Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache- > Control,Content-Type'; > > location / { > > add_header 'Access-Control-Max-Age' 1728000; > add_header 'Access-Control-Allow-Origin' '*'; > add_header 'Access-Control-Allow-Credentials' > 'true'; > add_header 'Access-Control-Allow-Methods' 'GET, > POST, OPTIONS'; > add_header 'Access-Control-Allow-Headers' > 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested- > With,If-Modified-Since,Cache-Control,Content-Type'; > > auth_basic 'Restricted'; > auth_basic_user_file /etc/nginx/ssl/.htpasswd; > > proxy_set_header 'Access-Control-Max-Age' 1728000; > proxy_set_header 'Access-Control-Allow-Origin' '*'; > proxy_set_header 'Access-Control-Allow-Credentials' > 'true'; > proxy_set_header 'Access-Control-Allow-Methods' > 'GET, POST, OPTIONS'; > proxy_set_header 'Access-Control-Allow-Headers' > 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested- > With,If-Modified-Since,Cache-Control,Content-Type'; > > proxy_pass $forwarded_protocol://127.0.0. > 1:$forwarded_port; > > } > } > ######################################################### > > On Wed, Apr 12, 2017 at 6:13 PM, Ajay Garg <[email protected]> wrote: > >> Hi All. >> >> We are facing the following issue : >> >> Cross-Origin Request Blocked: The Same Origin Policy disallows reading >> the remote resource at https://1.2.3.4/. (Reason: CORS header >> 'Access-Control- >> Allow-Origin' missing). >> >> Have tried everything I could find on the google, but nothing works >> (whatever I do in /etc/nginx/sites-available/default) >> >> >> So, first question first, is it even possible to solve this issue on the >> version, as per the information below :: >> >> ######################################################## >> nginx -V >> nginx version: nginx/1.4.6 (Ubuntu) >> built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3) >> TLS SNI support enabled >> configure arguments: --with-cc-opt='-g -O2 -fstack-protector >> --param=ssp-buffer-size=4 -Wformat -Werror=format-security >> -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions >> -Wl,-z,relro' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf >> --http-log-path=/var/log/nginx/access.log >> --error-log-path=/var/log/nginx/error.log >> --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid >> --http-client-body-temp-path=/var/lib/nginx/body >> --http-fastcgi-temp-path=/var/lib/nginx/fastcgi >> --http-proxy-temp-path=/var/lib/nginx/proxy >> --http-scgi-temp-path=/var/lib/nginx/scgi >> --http-uwsgi-temp-path=/var/lib/nginx/uwsgi >> --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module >> --with-http_stub_status_module --with-http_realip_module >> --with-http_addition_module --with-http_dav_module --with-http_flv_module >> --with-http_geoip_module --with-http_gzip_static_module >> --with-http_image_filter_module --with-http_mp4_module >> --with-http_perl_module --with-http_random_index_module >> --with-http_secure_link_module --with-http_spdy_module >> --with-http_sub_module --with-http_xslt_module --with-mail >> --with-mail_ssl_module --add-module=/build/nginx-9sG_ >> hy/nginx-1.4.6/debian/modules/headers-more-nginx-module >> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-auth-pam >> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-cache-purge >> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-dav-ext-module >> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-development-kit >> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-echo >> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/ngx-fancyindex >> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-http-push >> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-lua >> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-upload-progress >> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-upstream-fair >> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/ >> ngx_http_substitutions_filter_module >> ########################################################## >> >> >> >> Thanks and Regards, >> Ajay >> > > > > -- > Regards, > Ajay > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
