
There's a web app whose URL may vary: it's either *.com or my.*.com, depending on whether a user is logged in or not.

However, there's an element on the main page (that can be accessed via *.com or my.*.com) that requires authentication.

If the logged-in user accesses my.*.com and clicks a button, it works with no issue. There's just 1 POST request returning 200 as expected.

However, if the logged-in user accesses *.com and clicks the button, it results in 2 unsuccessful POST requests. One goes to *.com, returning 307. The other one goes to my.*.com and returns 403.

I believe that the problem has to do with misconfigured nginx. My hypothesis is that when the user is redirected no credentials are passed to the backend, which is why I get 403.

Is there something else that might cause the problem? I don't have the full nginx config file, but at first sight there's only this redirect used for SSL. Or should I keep looking further?

server {
    listen       80;
    server_name  my.ft01.com;
    server_tokens off;

    access_log  /var/log/nginx/access.log  main;

    return       301 https://my.ft01.com$request_uri; 
}
