[keycloak-user] CORS only for OPTIONS?
Juraci Paixão Kröhling
juraci at kroehling.de
Thu Apr 3 10:14:50 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 04/03/2014 03:25 PM, Bill Burke wrote:
> Authenticated, non-preflight requests are handled.
> Non-authenticated requests are not handled.
Ok, I'm not sure if you mean that the second part is for
"non-preflight" as well. In any case, the authorization header is not
sent on the preflight (understandably), so, I guess you meant
"non-authenticated" on the first part.
A couple of requests/responses from my application, to illustrate what
is currently happening:
Pre-flight (OPTIONS) request, without authentication (CORS sent)
- - http://pastebin.com/45raBqy0
Non-preflight (POST), authenticated (no CORS sent):
http://pastebin.com/E9B6iaAE
Because of the second request, Chrome (and possibly other browsers)
will not deliver the response to the web application, even though it
executed the request (as it was allowed by the CORS from the first
request).
Is this how it should be, or is there a bug somewhere?
- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBCgAGBQJTPWzaAAoJEDnJtskdmzLMfncH/0iWPnCPOXCeD4ckmSfNGM9Z
vx4fmVrWrr1BExzfmJqeqOfVYnGfaVKgN0U3Dq1mRexGW7hedybHhXwTiJME5SH3
48fvoAUzekXMLk1OhlFdHKzQmCCbI8GdtdebAri7gigqVNBMI/usOPkY1kUGxbTO
w12PZqwnaUgSbHuwL/5zKLuhMF16TqzPan1E1jj3yhKGtZBCJz8TA0G6dHv76LbL
Y4ociQEJOsy3TFym4PSES8gQ24sDtR8WQPycl/Q88PvI+7SkZ6lGfq4SYhNXYcIY
gh/5v/MQXlGKAHN5doNbRlpWPqozWHK9/RqV34qtG9S5w3eNz6DeetpWdDzYOYg=
=WhPv
-----END PGP SIGNATURE-----
More information about the keycloak-user
mailing list