Information:

- Version: Atlassian Jira Project Management Software (v8.14.0#814001

- Use case: Placing external links to JIRA issues

- URL: POST https://[jiraurl]/rest/api/latest/issue/[issuenumber]/remotelink

- Body:

{    "globalId": "system=[externalurl]",    "application": {        "type": "Something",        "name": "Something"    },    "relationship": "causes",    "object": {        "url": "[externalurl]",        "title": "Something",        "summary": "Something",        "icon": {            "url16x16": "[url]",            "title": "Something"        }    }}

- Header: Authorization: Basic base64encoded(user:password)

Problem:

I have tried authenticating with both a regular password (now deprecated) and an application token. However the nginx server returns a 401 Unauthorized HTML:

Response headers: {Server=[nginx], Date=[Tue, 24 Nov 2020 12:34:30 GMT], Content-Type=[text/html;charset=UTF-8], Transfer-Encoding=[chunked], Connection=[keep-alive], X-AREQUESTID=[..], Referrer-Policy=[strict-origin-when-cross-origin], X-XSS-Protection=[1; mode=block], X-Content-Type-Options=[nosniff], X-Frame-Options=[SAMEORIGIN], Content-Security-Policy=[frame-ancestors 'self'], WWW-Authenticate=[Basic realm="protected-area", OAuth realm="[url]"], Content-Length=[-1]}
Response body:<html>

<head>
<title>Unauthorized (401)</title>

<!--[if IE]><![endif]-->
<script type="text/javascript">
(function() {
var contextPath = '';

function printDeprecatedMsg() {
if (console && console.warn) {
console.warn('DEPRECATED JS - contextPath global variable has been deprecated since 7.4.0. Use `wrm/context-path` module instead.');
}
}

... (there is more but don't think that's relevant)

The only way I can get it to work currently is to get the atlassian.xsrf.token Cookie and use that, but for an automated application this is not feasible to use.

Do we need to change something in our nginx configuration to allow for the authorization headers to come through?