[keycloak-dev] cors setup simplification?
Stian Thorgersen
stian at redhat.com
Tue May 20 09:33:48 EDT 2014
I like the idea of not having to specify the web-origins, but I wonder if there are use-cases for having web-origins that can't be calculated from the redirect-uris.
Also, the web-origins is used by Keycloak's own endpoints. In this case "Cross-Origin Tokens" doesn't make sense.
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 20 May, 2014 2:10:45 PM
> Subject: [keycloak-dev] cors setup simplification?
>
> CORS setup is confusing to people. I'm going to remove the web-origins
> setting from the admin console. Instead there will be a on/off switch
> that says "Cross-Origin Tokens (CORS)". Tokens created for those types
> of clients will have the token's origins calculated by iterating over
> the redirect uri list.
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list