nginx: Do not require Basic Authentication only if http request is OPTIONS

It looks like it is an old post, but found this solution :

Put the following configuration inside "location" and remove any auth_basic from server. This will work

  location / {    # Your node proxy configuration for example #    # Make options requests work #    limit_except OPTIONS {      auth_basic "Restricted access zone";      auth_basic_user_file /etc/nginx/pass/protected;    }  }

The simplest way to deal with this is allow nginx to handle the OPTIONS request:

server {    listen 80;    server_name  example.com;    root /var/www;    auth_basic "Resctricted";    auth_basic_user_file /var/www/.htpasswd;    location / {        if ($request_method = OPTIONS) {            add_header Access-Control-Allow-Origin "http://example.com";            add_header Access-Control-Allow-Methods "GET, OPTIONS";            add_header Access-Control-Allow-Headers "Authorization";            add_header Access-Control-Allow-Credentials "true";            add_header Content-Length 0;            add_header Content-Type text/plain;            return 200;        }    }}

This will allow OPTIONS to get a response without requiring authentication:

scott@Carl www $ curl -i -X OPTIONS http://example.comHTTP/1.1 200 OKServer: nginxDate: Sat, 17 Jun 2017 00:09:52 GMTContent-Type: application/octet-streamContent-Length: 0Connection: keep-aliveAccess-Control-Allow-Origin: http://example.comAccess-Control-Allow-Methods: GET, OPTIONSAccess-Control-Allow-Headers: AuthorizationAccess-Control-Allow-Credentials: trueContent-Length: 0Content-Type: text/plainscott@Carl www $ curl -i http://example.comHTTP/1.1 401 UnauthorizedServer: nginxDate: Sat, 17 Jun 2017 00:09:59 GMTContent-Type: text/htmlContent-Length: 188Connection: keep-aliveWWW-Authenticate: Basic realm="Resctricted"<html><head><title>401 Authorization Required</title></head><body bgcolor="white"><center><h1>401 Authorization Required</h1></center><hr><center>nginx</center></body></html>