[keycloak-user] CORS only for OPTIONS?
Stian Thorgersen
stian at redhat.com
Thu Apr 3 10:20:08 EDT 2014
Have you specified any web origins for your application?
----- Original Message -----
> From: "Juraci Paixão Kröhling" <juraci at kroehling.de>
> To: keycloak-user at lists.jboss.org
> Sent: Thursday, 3 April, 2014 3:14:50 PM
> Subject: Re: [keycloak-user] CORS only for OPTIONS?
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 04/03/2014 03:25 PM, Bill Burke wrote:
> > Authenticated, non-preflight requests are handled.
> > Non-authenticated requests are not handled.
>
> Ok, I'm not sure if you mean that the second part is for
> "non-preflight" as well. In any case, the authorization header is not
> sent on the preflight (understandably), so, I guess you meant
> "non-authenticated" on the first part.
>
> A couple of requests/responses from my application, to illustrate what
> is currently happening:
>
> Pre-flight (OPTIONS) request, without authentication (CORS sent)
> - - http://pastebin.com/45raBqy0
>
> Non-preflight (POST), authenticated (no CORS sent):
> http://pastebin.com/E9B6iaAE
>
> Because of the second request, Chrome (and possibly other browsers)
> will not deliver the response to the web application, even though it
> executed the request (as it was allowed by the CORS from the first
> request).
>
> Is this how it should be, or is there a bug somewhere?
>
> - - Juca.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBCgAGBQJTPWzaAAoJEDnJtskdmzLMfncH/0iWPnCPOXCeD4ckmSfNGM9Z
> vx4fmVrWrr1BExzfmJqeqOfVYnGfaVKgN0U3Dq1mRexGW7hedybHhXwTiJME5SH3
> 48fvoAUzekXMLk1OhlFdHKzQmCCbI8GdtdebAri7gigqVNBMI/usOPkY1kUGxbTO
> w12PZqwnaUgSbHuwL/5zKLuhMF16TqzPan1E1jj3yhKGtZBCJz8TA0G6dHv76LbL
> Y4ociQEJOsy3TFym4PSES8gQ24sDtR8WQPycl/Q88PvI+7SkZ6lGfq4SYhNXYcIY
> gh/5v/MQXlGKAHN5doNbRlpWPqozWHK9/RqV34qtG9S5w3eNz6DeetpWdDzYOYg=
> =WhPv
> -----END PGP SIGNATURE-----
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list