[keycloak-user] Keycloak CORS issue associated with login redirect

ksl ramonpadilla1 at yahoo.co.uk
Sun Oct 14 12:33:02 EDT 2018


I am using Keycloak 4.4.0 to secure my REST service, which is implemented
using Spring Boot, and I am using React for the front end.

I get a CORS error when the front end (running on localhost:3000) makes an
API call to localhost:8080/login and is redirected to the Keycloak login
page.

The error is:

`localhost/:1 Failed to load http://localhost:8080/login: Redirect from
'http://localhost:8080/login' to
'http://localhost:9080/auth/realms/hbs/protocol/openid-connect/auth?response_type=code&client_id=hbs&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin&state=ab5034a9-4baa-4be3-9ec1-feefbe5f9c0b&login=true&scope=openid'
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is
present on the requested resource. Origin 'http://localhost:3000' is
therefore not allowed access.`

I have added a single value of '*' to the Web Origins config section in the
Keycloak client.


I have annotated my REST controller as follows:

    @RestController
    class MyController
    {
        @CrossOrigin
        @GetMapping("/login")
        public ResponseEntity<Foo> getFoo(Principal principal)
        {
            return ResponseEntity.ok(new Foo("blah"));
        }
    }

I have enabled Keycloak and CORS in the application properties:

    keycloak.cors = true
    keycloak.enabled = true

If I disable Keycloak, the CORS problem goes away.

As described here <https://stackoverflow.com/a/46222250/820657>, I
suspect the issue is to do with the Keycloak server not responding with any
ACCESS-CONTROL-ALLOW-ORIGIN headers despite "Web Origins" being correctly
configured in the Keycloak admin portal. But I'm not completely sure how to
confirm this.





--
Sent from: http://keycloak-user.88327.x6.nabble.com/
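
One way to confirm which hop of the redirect chain fails the browser's check, as an added example that is not part of the original post: it applies the Fetch standard's CORS check to the response headers captured for each hop. The function name `firstCorsFailure` and both sample header sets are constructed for illustration and are not captured from a real Keycloak or Spring Boot server.

```javascript
// Added example: the Fetch-standard CORS check applied to a captured redirect chain.
// Capture each hop's headers with: curl -s -i -H "Origin: http://localhost:3000" <url>
const originOf = (url) => new URL(url).origin;

// Returns null if every hop passes, else { hop, url, reason } for the first failure.
function firstCorsFailure(pageOrigin, hops, withCredentials = false) {
  let tainted = false; // Fetch "tainted origin flag"
  for (let i = 0; i < hops.length; i++) {
    const { url, headers } = hops[i];
    const h = Object.fromEntries(
      Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
    const sent = tainted ? "null" : pageOrigin; // Origin value the browser sends
    const acao = h["access-control-allow-origin"];
    let reason = null;
    if (acao === undefined) {
      reason = "no Access-Control-Allow-Origin header";
    } else if (acao === "*") {
      if (withCredentials) reason = "'*' is not accepted on a credentialed request";
    } else if (acao !== sent) {
      reason = `header allows '${acao}' but the browser sent Origin '${sent}'`;
    } else if (withCredentials && h["access-control-allow-credentials"] !== "true") {
      reason = "Access-Control-Allow-Credentials is not 'true'";
    }
    if (reason) return { hop: i, url, reason };
    const next = hops[i + 1];
    // A redirect between two origins, leaving a URL that is itself cross-origin
    // to the page, makes the browser send "Origin: null" from then on.
    if (next && originOf(url) !== originOf(next.url) && originOf(url) !== pageOrigin)
      tainted = true;
  }
  return null;
}

const ORIGIN = "http://localhost:3000";
const SERVICE = "http://localhost:8080/login";
const KEYCLOAK = "http://localhost:9080/auth/realms/hbs/protocol/openid-connect/auth";
// Constructed sample 1: the 302 from the REST service carries no CORS headers.
const asReported = [
  { url: SERVICE, headers: { Location: KEYCLOAK } },
  { url: KEYCLOAK, headers: {} },
];
// Constructed sample 2: both hops echo the page origin in the header.
const serviceFixed = [
  { url: SERVICE, headers: { Location: KEYCLOAK, "Access-Control-Allow-Origin": ORIGIN } },
  { url: KEYCLOAK, headers: { "Access-Control-Allow-Origin": ORIGIN } },
];
console.log(firstCorsFailure(ORIGIN, asReported));
console.log(firstCorsFailure(ORIGIN, serviceFixed));
```

In the second constructed chain the check still fails at the second hop, because after the cross-origin redirect the browser sends `Origin: null`, which an echoed `http://localhost:3000` does not match.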

