Welcome! Log In Create A New Profile


Preflight Request with "ssl_verify_client on;"

Preflight Request with "ssl_verify_client on;"
January 14, 2020 05:05PM
What is the right way to allow OPTIONS requests through with "ssl_verify_client on;"?

the CORS spec specifically prohibits credentials with preflight requests; this isn't a problem with chrome or safari because they chose to just ignore that part, but it makes it impossible to do an authenticated CORS request with firefox unless you set it to optional, which i do not want to do.

So the question is, how do i leave "ssl_verify_client on;" enabled, ONLY allowing requests without a certificate on an OPTIONS request? Also is there a place where I can submit a patch to fix nginx still requiring the certificate on an OPTIONS request? seems like something that should already be set to allow it to comply with the specs
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 86
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready