I have a possibly unusual server setup on Amazon using ec2 instances:
- primary server: apache server with elastic IP & domain name (
apps.mysite.com), SSL protection, authentication with auth0, reverse proxies to secondary server at path
- secondary server: different physical server, runs a shiny server web app, no ssl or authentication, only allows connections from primary server
My idea here is to have a primary "gateway" server that is easily addressable and secure, with any number of secondary servers which may be turned on/off on schedules for cost efficiency.
It all seemed to work fine with some test applications, and my real application works fine initially.
https://mysite.auth0.com/authorize?response_type=code&scope=ope…mysite.com%2Fredirect_uri&nonce=.... Credentials flag is 'true', but the 'Access-Control-Allow-Credentials' header is ''. It must be 'true' to allow credentials. Origin 'https://apps.mysite.com' is therefore not allowed access.
From this SO question I tried adding both
https://apps.mysite.com/* to the relevant Auth0 application's allowed origins, but that didn't help.
Can someone explain to me what is happening, and how I can fix it?