The issue is actually related to server side . there is some mod security on server that is not authenticating any call to server from app .
It seems like the https in your site is stripping the authorization code(a required parameter while making call to server) which is sent in headers .
Please check this source : https://GITHUB.COM/GESELLIX/KEEPASS-NODE/ISSUES/9
and these relevant links : https://STACKOVERFLOW.COM/QUESTIONS/26549250/APACHE-STRIPS-DOWN-AUTHORIZATION-HEADER
https://HTTPD.APACHE.ORG/DOCS/2.4/EN/MOD/CORE.HTML#CGIPASSAUTH
You need to allow access for authorization to stop stripping of the authorization code from headers .
Please contact your webhost on this .They would have to disable such mod security for this .
