[keycloak-user] CORS only for OPTIONS?

Juraci Paixão Kröhling juraci at kroehling.de
Thu Apr 3 10:23:18 EDT 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Yes, there are two apps in the game:

- - frontend, with http://127.0.0.1:9000 as an allowed origin
- - backend, bearer-only, without origins defined

Frontend is an HTML-only application, while backend is a REST-only API.

- - Juca.

On 04/03/2014 04:20 PM, Stian Thorgersen wrote:
> Have you specified any web origins for your application?
> 
> ----- Original Message -----
>> From: "Juraci Paixão Kröhling" <juraci at kroehling.de> To:
>> keycloak-user at lists.jboss.org Sent: Thursday, 3 April, 2014
>> 3:14:50 PM Subject: Re: [keycloak-user] CORS only for OPTIONS?
>> 
> On 04/03/2014 03:25 PM, Bill Burke wrote:
>>>> Authenticated, non-preflight requests are handled. 
>>>> Non-authenticated requests are not handled.
> 
> Ok, I'm not sure if you mean that the second part is for 
> "non-preflight" as well. In any case, the authorization header is
> not sent on the preflight (understandably), so, I guess you meant 
> "non-authenticated" on the first part.
> 
> A couple of requests/responses from my application, to illustrate
> what is currently happening:
> 
> Pre-flight (OPTIONS) request, without authentication (CORS sent) -
> http://pastebin.com/45raBqy0
> 
> Non-preflight (POST), authenticated (no CORS sent): 
> http://pastebin.com/E9B6iaAE
> 
> Because of the second request, Chrome (and possibly other
> browsers) will not deliver the response to the web application,
> even though it executed the request (as it was allowed by the CORS
> from the first request).
> 
> Is this how it should be, or is there a bug somewhere?
> 
> - Juca.
>> _______________________________________________ keycloak-user
>> mailing list keycloak-user at lists.jboss.org 
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCgAGBQJTPW7WAAoJEDnJtskdmzLM9YEH/3xE0Czb06QSpN/tJYBh93wn
rUcGXwiH3PqVtOqJcBmCWfYD734Zqe2ZfG2UN3E12VT4gWuA73SlE2lhHqt5/KS+
6G4gKuH45EXkO3GgdpTm60qPIRpBQbR0UjFo+k1dhR/f4ck3VR2uPLmmWvAeREpG
sMlu8ZbR/S0EO6by69Lp3l3TcXYKuYdEDBK404i7Js46r8IgMAE4c/Mx8ZtRTAQa
1liqg5YQ16DkuBd0m45Vhdk1gseSe+vUHSOyF46+J/daOn4THsaLMebYKXAAAp3s
uIG3tMyKx/q6E7pICHD+/iW04NlPoHevcbFlLhSnwz8O8oH19Yr4WuYcSKKhaTI=
=SfMO
-----END PGP SIGNATURE-----

More information about the keycloak-user mailing list