Authorization header does not reach API only on GET request (nginx)
Perhaps you have to add this to the list of allow headers that can be received, configurable in your Nginx config..
add_header Access-Control-Allow-Headers "Authorization";
Nearly same boat, likely will have same issue, as it stands my developer environment has allowHeaders
set to wildcard.
You may also be required to set allowed methods:
add_header Access-Control-Allow-Methods "GET POST DELETE OPTIONS";
or use *
(wildcard):
add_header Access-Control-Allow-Methods *;
How about this?
if ($http_origin ~* "(|^https?://www\.domain1\.com$|^https?://www\.domain2\.com$|^https?://www\.domain13\.com$)") { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Headers "Authorization"; add_header Access-Control-Allow-Methods "GET POST DELETE OPTIONS"; }