To quote previous email from Maxim:
"In javascript, the code should test the "status" property of the XMLHttpRequest object to find out if the request was successful or not"
The problem here is that xhr.status === 0 if you don't have CORS headers present. If nginx doesn't allow you to add_headers for a 401, a 504, a 404 etc then a Javascript app can't react to each response individually.
Isn't it a little rudimentary to expect a Javascript app to treat to all server errors in the same way? Simply because 401 !== 504.