<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 9.9.2014 23:47, Marek Posolda wrote:<br>
</div>
<blockquote cite="mid:540F7585.9020601@redhat.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Hi,<br>
<br>
I am sorry to not help more with the release as I needed to work
especially on some portal related stuff last weeks (hopefully
it's gone now)...<br>
<br>
Found couple of things:<br>
* AccountService is actually broken for me in Chrome due to
latest CSRF stuff. In FF it works fine, but in Chrome I can't
update account or password. For some reason Chrome is always
adding "Origin" header to the update requests (even if they are
not ajax requests). So the newly added condition for CSRF in
AccountService.init will always fail. I have Chrome
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<span style="color: rgb(48, 57, 66); font-family: Ubuntu, Arial,
sans-serif; font-size: 12px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width:
0px; display: inline !important; float: none;">37.0.2062.94
(64-bit)</span> . <br>
</div>
</blockquote>
Created <a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://issues.jboss.org/browse/KEYCLOAK-670">https://issues.jboss.org/browse/KEYCLOAK-671</a>
with blocker priority.<br>
<br>
<br>
<br>
<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://issues.jboss.org/browse/KEYCLOAK-670"></a>
<blockquote cite="mid:540F7585.9020601@redhat.com" type="cite">
<div class="moz-cite-prefix"> <br>
* ServerInfo request (<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://localhost:8080/auth/admin/serverinfo">http://localhost:8080/auth/admin/serverinfo</a>)
is not available with CORS . I've created JIRA <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://issues.jboss.org/browse/KEYCLOAK-670">https://issues.jboss.org/browse/KEYCLOAK-670</a>
and send PR <a moz-do-not-send="true" title="Follow link"
href="https://github.com/keycloak/keycloak/pull/683">https://github.com/keycloak/keycloak/pull/683</a>
for this, which is adding authentication for
ServerInfoAdminResource and then it use allowOrigins from the
authenticated bearer token. Admin console is already using
bearer token for sending ServerInfo requests, so no changes are
needed here. I believe that ServerInfoAdminResource should be
authenticated (don't know why stuff like available social
providers or themes should be publicly available). Let me know
if you seeing issues with it. I did not merge PR so far as
version in master is already changed to 1.0-Final so not sure
what is the state of the release .<br>
<br>
* Realm public resource (<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://localhost:8080/auth/realms/master">http://localhost:8080/auth/realms/master</a>)
is also not available for CORS requests. Not sure if this is an
issue or not? Thing is that unauthenticated requests can't use
CORS at this moment as I don't know what allowedOrigins to use.
Only option is to allow it for all allowedOrigins (send same
"Access-Control-Allow-Origin" as original value of "Origin"
header from the request)<br>
<br>
* There is still quite a lot of INFO logging . For example when
I send product request from the cors-demo example I have 6 new
INFO messages in log (Mainly from org.keycloak.adapters package)<br>
<br>
I will continue with the testing tomorrow.<br>
<br>
Marek<br>
<br>
On 9.9.2014 20:01, Stian Thorgersen wrote:<br>
</div>
<blockquote
cite="mid:1664916110.46418214.1410285683392.JavaMail.zimbra@redhat.com"
type="cite">
<pre wrap="">Yes - I'll do a round of testing tomorrow, but there's nothing outstanding I'm aware of
----- Original Message -----
</pre>
<blockquote type="cite">
<pre wrap="">From: "Bill Burke" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:bburke@redhat.com"><bburke@redhat.com></a>
To: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>
Sent: Tuesday, 9 September, 2014 7:30:16 PM
Subject: [keycloak-dev] Are we all set?
can I start doing final testing and release Thursday?
--
Bill Burke
JBoss, a division of Red Hat
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://bill.burkecentral.com">http://bill.burkecentral.com</a>
_______________________________________________
keycloak-dev mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
keycloak-dev mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
</body>
</html>