[keycloak-user] Keycloak Gatekeeper CORS problem

Bruno Oliveira bruno at abstractj.org
Fri Nov 2 11:14:24 EDT 2018


Thanks for reporting this, Geoffrey. I marked your Jira issue for
triage, in this way we can investigate better.
On Wed, Oct 31, 2018 at 2:08 PM Geoffrey Cleaves <geoff at opticks.io> wrote:
>
> I'm having a problem accessing a REST service protected by Gatekeeper via
> AJAX. I have tried many different combinations of settings in the config
> file to no avail. I suspect the Gatekeeper has a bug.
>
> I can access the protected endpoint directly (via Gatekeeper) with no issue
> as there is no CORS. I can use the AJAX method successfully when I use a
> Chrome plugin to enable CORS for these endpoints.
>
> The message from Chrome is:
>
> Access to XMLHttpRequest at 'http://domain.com:3001/endpoint.php' from
> origin 'http://domain2.com:8888' has been blocked by CORS policy: Response
> to preflight request doesn't pass access control check: No
> 'Access-Control-Allow-Origin' header is present on the requested resource.
>
> I see that Chrome only sends an OPTIONS request to Gatekeeper, which does
> not respond with an Access-Control-Allow-Origin header at all, despite my
> config settings below.
>
>
> My config.yml file looks like this:
>
> client-id: {id}
> client-secret: {secret}
> discovery-url: {keyclock end point}
> enable-default-deny: true
> encryption_key: {32characters}
> listen: 0.0.0.0:3000
> redirection-url: http://domain2.com:3001
> upstream-url: http://localhost:8888
> secure-cookie: false
> verbose: true
> #preserve-host: true
> resources:
> - uri: /admin*
>   methods:
>   - GET
>   roles:
>   - test-php-api:test1
>   - client:test2
>   require-any-role: true
>   groups:
>   - admins
>   - users
> - uri: /endpoint.php
>   roles:
>   - test-php-api:test1
> - uri: /backend*
>   roles:
>   - test-php-api:test1
> - uri: /public/*
>   white-listed: true
> - uri: /favicon
>   white-listed: true
> - uri: /css/*
>   white-listed: true
> - uri: /img/*
>   white-listed: true
> cors-origins:
> - '*'
> cors-methods:
> - GET
> - POST
>
>
> Any ideas?
>
> Geoff
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



-- 
- abstractj
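
The preflight failure reported in this thread can be reproduced offline with a simplified model of the checks a browser runs on the OPTIONS response. This is an added example, not part of the original messages and not Gatekeeper code; the function name, the sample responses, and the assumption that the AJAX call sends an Authorization header are all constructed for illustration.

```javascript
// Added example: simplified model of the browser's CORS preflight check.
// Header names are the standard CORS ones; all sample data is constructed.
const SAFELISTED_METHODS = ['GET', 'HEAD', 'POST'];
const split = (v) => (v || '').split(',').map((s) => s.trim()).filter(Boolean);
const fail = (reason) => ({ ok: false, reason });

// req: { origin, method, headers: [non-safelisted header names], credentials: boolean }
// res: { status, headers: { name: value } } as returned to the OPTIONS request
function checkPreflight(req, res) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v;
  const withCreds = Boolean(req.credentials);

  // 1. Origin check: the step that fails in the Chrome message quoted above.
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) return fail("no 'Access-Control-Allow-Origin' header on the preflight response");
  if (withCreds && allowOrigin === '*') return fail('wildcard origin is rejected for credentialed requests');
  if (allowOrigin !== '*' && allowOrigin !== req.origin) return fail(`origin ${req.origin} not allowed`);
  if (withCreds && h['access-control-allow-credentials'] !== 'true') return fail('Access-Control-Allow-Credentials is not true');
  // 2. The preflight response itself must be a 2xx, so the proxy has to answer OPTIONS without auth.
  if (res.status < 200 || res.status > 299) return fail(`preflight status ${res.status} is not 2xx`);
  // 3. Method check: safelisted methods pass even if not listed.
  const methods = split(h['access-control-allow-methods']);
  const wildcardMethod = !withCreds && methods.includes('*');
  if (!SAFELISTED_METHODS.includes(req.method) && !methods.includes(req.method) && !wildcardMethod) {
    return fail(`method ${req.method} not allowed`);
  }
  // 4. Header check: '*' never covers Authorization, which must be listed by name.
  const allowed = split(h['access-control-allow-headers']).map((s) => s.toLowerCase());
  const wildcardHeader = !withCreds && allowed.includes('*');
  for (const name of (req.headers || []).map((s) => s.toLowerCase())) {
    const covered = allowed.includes(name) || (wildcardHeader && name !== 'authorization');
    if (!covered) return fail(`request header ${name} not allowed`);
  }
  return { ok: true, reason: 'preflight passes' };
}

// Constructed samples, using the origin from the error message in the thread.
const ajax = { origin: 'http://domain2.com:8888', method: 'GET', headers: ['Authorization'], credentials: false };
const asReported = { status: 200, headers: {} }; // OPTIONS reply with no CORS headers
const fixed = { status: 200, headers: {
  'Access-Control-Allow-Origin': 'http://domain2.com:8888',
  'Access-Control-Allow-Methods': 'GET, POST',
  'Access-Control-Allow-Headers': 'Authorization',
} };
console.log(checkPreflight(ajax, asReported));
console.log(checkPreflight(ajax, fixed));
```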

