[keycloak-dev] [aerogear-dev] Aerogear UPS + Keycloak cartridge combined together POC
aemmanou at redhat.com
Wed Feb 5 04:46:12 EST 2014
This case appears because Chrome and Safari are sending the Origin
header on same origin PUT, DELETE & POST requests.
On the other side, Firefox does not send the Origin header on same
origin requests. As the Keycloak team explained to me,
in most JS/HTML apps you'd add origin part of the base url as web origin
in the application's settings through the Keycloak administration
However, this does not apply to non-js based app and that's why the base
url is not automatically considered as web origin.
Request Headersview source
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/31.0.1650.63 Safari/537.36
On Tue, 2014-02-04 at 18:13 +0100, Karel Piwko wrote:
> * Ember in UPS is firing AJAX request to REST Endpoints on the same domain.
> However, as it goes through Keycloak Auth Server, this is considered CORS
> request. I had to configure Web Origin for UPS application. This is
> confusing to me, Origin header should be transparent for Keycloak as I'm
> firing request to the same domain. Note this does not happen in Firefox,
> which identifies same domain and avoids Origin header. I need some insight
> here from more skilled people.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the keycloak-dev