Closed dchun closed 9 years ago
I think the problem is the basic authen.
A form_inline.js file used authen header when we opened site and type username/password.
But POST message, web browser use javascript to make xhr request and it doesn't add basic authen header field to message.
This issue will stop when:
Ha! I forgot about that. Good catch. Let's turn of http auth for subdomains and just leave it for the root.
On Feb 8, 2015, at 6:59 PM, phuong3030 notifications@github.com wrote:
I think the problem is the basic authen.
A form_inline.js file used authen header when we opened site and type username/password.
But POST message, web browser use javascript to make xhr request and it doesn't add basic authen header field to message.
— Reply to this email directly or view it on GitHub.
I modified the origin header addition in my local environment as a before filter and I don't get a cors error in my browser but it continues to appear when posting to the production server.
What's strange is that it worked fine before when the cors header was added as an after filter.
Could you look into this? Perhaps we can circumvent this issue by just hardcoding the header to allow all requests in the the nginx config files.