FastAPI with Nginx facing CORS issue

Question

When I try to request information from the API, I get CORS policy issue. The API is in different domain and operating system which is linux. The html is in different domain and different operating system which is windows. I tried using Postman to check if the way works, and it was working fine in postman in both server but when i move to html im facing CORS policy issue.

Update: I managed to fix auth issue in Nginx but now im facing content-type issue, not sure where i need to fix issue. I added content-type in Nginx but it didnt work

below is the error im getting when i run button to run the jQuery code

Access to fetch at 'https://{domainName}/api/connect/308' from origin 'http://127.0.0.1:5500' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers

below is the code I used to get request from the server

        jQuery(".chat-icon").click(function () {
            var userId = "308";
            fetch(url + "connect/" + userId, {
                method: "GET",
                mode: "cors",
                headers: new Headers({
                    "Access-Control-Allow-Methods": "POST,GET,OPTIONS, PUT, DELETE",
                    "Access-Control-Allow-Headers":"Origin, X-Requested-With, Content-Type, Accept, Authorization",
                    "auth": "123456",
                    "Content-Type": "application/json; charset=UTF-8",
                }),
            })
                .then(response => response.json())
                .then(json => {
                    jQuery("#starter").text(json.data);
                    jQuery("#displayDateTime").text(today);
                    $("#dt").text(moment().format('hh:mm:ss a'));
                });

Below is fastAPI setup

orgins=['{certain path}','http//127.0.0.1:5500']

below is nginx config

location /api/ {
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type:application/json; charset=UTF-8,auth';
    add_header 'Content-Type' 'application/json charset=UTF-8';

    if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        #
        # Om nom nom cookies
        #
        add_header 'Access-Control-Allow-Credentials' 'true';
        
        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #
        
        #
        # Tell client that this pre-flight info is valid for 20 days
        #
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
     }
        include proxy_params;
        proxy_pass http://127.0.0.1:5858;
    }

Answer 1

add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type:application/json; charset=UTF-8,auth';

The error seems to be that Content-Type:application/json is not a header name, that's a header name and value.