<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/4.6.4">
</HEAD>
<BODY>
This case appears because Chrome and Safari are sending the Origin header on same origin PUT, DELETE & POST requests.<BR>
On the other side, Firefox does not send the Origin header on same origin requests. As the Keycloak team explained to me, <BR>
in most JS/HTML apps you'd add origin part of the base url as web origin in the application's settings through the Keycloak administration console.<BR>
However, this does not apply to non-js based app and that's why the base url is not automatically considered as web origin.<BR>
<BR>
Request Method:POST<BR>
Request Headersview source<BR>
Accept:application/json, text/javascript, */*; q=0.01<BR>
Accept-Encoding:gzip,deflate,sdch<BR>
Accept-Language:en-US,en;q=0.8,el;q=0.6<BR>
Connection:keep-alive<BR>
Content-Length:15<BR>
Content-Type:application/json<BR>
Cookie:JSESSIONID=Tw9NmJjHUlRO6JnimwyzS1w3.undefined<BR>
Host:agpushkeycloak-mobileqa.rhcloud.com<BR>
<B><FONT COLOR="#0000ff">Origin:<A HREF="http://agpushkeycloak-mobileqa.rhcloud.com">http://agpushkeycloak-mobileqa.rhcloud.com</A></FONT></B><BR>
Referer:<A HREF="http://agpushkeycloak-mobileqa.rhcloud.com/">http://agpushkeycloak-mobileqa.rhcloud.com/</A><BR>
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36<BR>
X-Requested-With:XMLHttpRequest<BR>
<BR>
On Tue, 2014-02-04 at 18:13 +0100, Karel Piwko wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
* Ember in UPS is firing AJAX request to REST Endpoints on the same domain.
However, as it goes through Keycloak Auth Server, this is considered CORS
request. I had to configure Web Origin for UPS application. This is
confusing to me, Origin header should be transparent for Keycloak as I'm
firing request to the same domain. Note this does not happen in Firefox,
which identifies same domain and avoids Origin header. I need some insight
here from more skilled people.
</PRE>
</BLOCKQUOTE>
<BR>
<BR>
</BODY>
</HTML>