You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/02/19 09:20:39 UTC

[GitHub] [apisix] jp-gouin commented on issue #3593: request help: OIDC missing Authorization header in CORS

jp-gouin commented on issue #3593:
URL: https://github.com/apache/apisix/issues/3593#issuecomment-781947606


   Hi,
   No in the second scenario the request do not go to the external API , it's blocked by Apisix because of the missing Authorization Header.
   
   In the working scenario this Header is set directly by Apisix (my guess) , but not by the front-end nor the backend.
   I can see this because when i receive the call from the front-end to the back-end of the webapp , i list all the header of the call and i see the Authorization header one.
   
   So when i'm doing a Cors call to an external API (also served by Apisix) , Apisix do not set the Authorization header for the outgoing request as it does for internal call.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org