SignalR without authentication

Question

I'm using Nginx as a reverse proxy for my services.

I use the following config:

location = /order-service/hubs {
    proxy_pass http://order-service/hubs;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Proto $scheme;
    
    # Configuration for WebSockets
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_cache_bypass $http_upgrade;

    # Configuration for LongPolling or if your KeepAliveInterval is longer than 60 seconds
    proxy_read_timeout 100s;
}

location /order-service/ {
    proxy_pass http://order-service/;
    proxy_http_version 1.1;
    proxy_redirect off;
    proxy_pass_request_headers      on;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Proto $scheme;
    
    # Configuration for WebSockets
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection keep-alive;
    proxy_cache_bypass $http_upgrade;

    auth_basic "Permitted Area";
    auth_basic_user_file /etc/nginx/.htpasswd;
}

As you see the lower part requires basic authentication. But if I want to establish a signalR connection to /order-service/hubs it also asks for authentication.
As I understand the documentation the location match with = stops if something matches, so why it asks for authentication?