Hi, I’m using front-end to call Jmix /oauth/token API from a different domain. I keep getting error 401 from Jmix even though I already set Jmix CORS domain property.
Here’s my architecture:
- I use Jmix behind my NGINX proxy
- And then I use Cloudflare to proxy the Nginx (but this should not be a problem since Cloudflare won’t interfere with CORS headers)
- I use XMLHttpRequest object to call the oauth token.
Here’s some snippets of NGINX conf:
add_header 'Access-Control-Max-Age' '3600' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
XHR Code:
var xhr = new XMLHttpRequest();
xhr.open("POST", "https://example.com/oauth/token", true, "client", "secret");
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.withCredentials = true;
xhr.send("grant_type=password&username=admin&password=admin");
At one point, it could work, but then after that it doesn’t work anymore. Any idea what changes?