CORS Options request requires authorization --> Preflight will always fail #1087
Comments
Phoinix-Dev
changed the title
|
When switching to basic auth instead of digest auth, your password is sent in plain text (over the secure https channel if available) directly with the first request. Then there is no need for back-and-forth to exchange random numbers like with digest auth. No idea if that helps with CORS, though. |
|
Hi @Phoenix-100, saw the same while working on ckulka/baikal-docker#13. The solution was to handle the preflight (OPTIONS) requests in Apache or Nginx instead of Baikal's PHP code. I came up with a working Nginx configuration, hope it helps: |
|
Thank you very much for your answers. |
|
Glad it worked out! Can you post the Apache configuration snippet you added? I bet others run into similar issues and you could help them out when they find this here. |
|
Of course, but I have to mention that I don't check where the request is coming from or going to. RewriteEngine On Header add Access-Control-Allow-Origin "*" |
Hello
I have a problem making a CORS request to the server 0.8.0 due to 401 unauthorized OPTIONS request, a CORS request is impossible.
Expected behaviour:
To make a CORS request in JS, it's expected that the OPTIONS request does not require authorization. The problem is, that a CORS authorization always requires a preflight, due to the custom Auth header. As the preflight itself will make an OPTIONS request that required authorization itself, its impossible to make the request.
Current behaviour:
Currently, the OPTIONS request for CORS receives a 401 unauthorized --> Request impossible.
Is there a built-in solution for that problem?
Thank you.
The text was updated successfully, but these errors were encountered: