jp-gouin commented on issue #3593: URL: https://github.com/apache/apisix/issues/3593#issuecomment-781947606
Hi, No in the second scenario the request do not go to the external API , it's blocked by Apisix because of the missing Authorization Header. In the working scenario this Header is set directly by Apisix (my guess) , but not by the front-end nor the backend. I can see this because when i receive the call from the front-end to the back-end of the webapp , i list all the header of the call and i see the Authorization header one. So when i'm doing a Cors call to an external API (also served by Apisix) , Apisix do not set the Authorization header for the outgoing request as it does for internal call. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
