Strange, but rebooting the machine caused the credentials-popup to be
seen again :-|
Sorry for the noise here.
There has been some progress, but still get a "CORS preflight did not
succeed error".
Following is what I am doing.
a)
Following is the server-block in /etc/nginx/conf.d/default.conf ::
##########################################################################
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
add_header 'Access-Control-Max-Age' 1728000 'always';
add_header 'Access-Control-Allow-Origin' $http_origin 'always';
add_header 'Access-Control-Allow-Credentials' 'true' 'always';
add_header 'Access-Control-Allow-Methods' 'GET, POST,
OPTIONS' 'always';
add_header 'Access-Control-Allow-Headers'
'DNT,Access-Control-Allow-Origin,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'
'always';
location / {
auth_basic 'Restricted';
auth_basic_user_file /etc/nginx/ssl/.htpasswd;
proxy_set_header 'Access-Control-Max-Age' 1728000;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header
'Access-Control-Allow-Credentials' 'true';
proxy_set_header
'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
proxy_set_header
'Access-Control-Allow-Headers'
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
proxy_pass
$forwarded_protocol://127.0.0.1:$forwarded_port;
}
}
##########################################################################
b)
Firing the following html from firefox (sensitive information changed) ::
##########################################################################
<html>
<body>
<script type="text/javascript">
var data = null;
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === 4) {
console.log(this.responseText);
}
});
xhr.open("GET", "https://1.2.3.4/";);
xhr.setRequestHeader("authorization", "Basic abcdefg");
xhr.setRequestHeader("cache-control", "no-cache");
xhr.send(data);
</script>
</body>
</html>
##########################################################################
Following is received in the firebug-console (sensitive information changed) ::
##########################################################################
GET https://23.253.207.208/
uff.html (line 19)
Headers
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate, br
Accept-Language en-US,en;q=0.5
Authorization Basic abcdefg
Cache-Control no-cache
Host 1.2.3.4
Origin null
User-Agent Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:47.0)
Gecko/20100101 Firefox/47.0
Cross-Origin Request Blocked: The Same Origin Policy disallows reading
the remote resource at https://1.2.3.4/. (Reason: CORS preflight
channel did not succeed).
##########################################################################
I am beginning to believe that I am close to solving the issue (of
course all credit to tremendous help from this list).
I will be grateful for the last bit of help being received by the
really helpful experts here..
Sorry again for the noise in my previous email.
Thanks and Regards,
Ajay
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
