[keycloak-user] Keycloak Gatekeeper CORS problem

Geoffrey Cleaves geoff at opticks.io
Wed Oct 31 13:01:47 EDT 2018


I'm having a problem accessing a REST service protected by Gatekeeper via
AJAX. I have tried many different combinations of settings in the config
file to no avail. I suspect the Gatekeeper has a bug.

I can access the protected endpoint directly (via Gatekeeper) with no issue
as there is no CORS. I can use the AJAX method successfully when I use a
Chrome plugin to enable CORS for these endpoints.

The message from Chrome is:

Access to XMLHttpRequest at 'http://domain.com:3001/endpoint.php' from
origin 'http://domain2.com:8888' has been blocked by CORS policy: Response
to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested resource.

I see that Chrome only sends an OPTIONS request to Gatekeeper, which does
not respond with an Access-Control-Allow-Origin header at all, despite my
config settings below.


My config.yml file looks like this:

client-id: {id}
client-secret: {secret}
discovery-url: {keyclock end point}
enable-default-deny: true
encryption_key: {32characters}
listen: 0.0.0.0:3000
redirection-url: http://domain2.com:3001
upstream-url: http://localhost:8888
secure-cookie: false
verbose: true
#preserve-host: true
resources:
- uri: /admin*
  methods:
  - GET
  roles:
  - test-php-api:test1
  - client:test2
  require-any-role: true
  groups:
  - admins
  - users
- uri: /endpoint.php
  roles:
  - test-php-api:test1
- uri: /backend*
  roles:
  - test-php-api:test1
- uri: /public/*
  white-listed: true
- uri: /favicon
  white-listed: true
- uri: /css/*
  white-listed: true
- uri: /img/*
  white-listed: true
cors-origins:
- '*'
cors-methods:
- GET
- POST


Any ideas?

Geoff
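As an added example (not from this post or from the Gatekeeper project), a small Python reference model of what a CORS-aware proxy should return for the preflight described above, plus a check that reproduces the reason Chrome gives for blocking the request; the config values mirror the posted config.yml and the origin is the one from the error message.

```python
from typing import Optional

# Mirrors the cors-* keys of the posted config.yml (constructed input).
# In production, list the concrete origin (e.g. http://domain2.com:8888)
# instead of '*': reflecting any origin together with credentials would
# undo the browser's same-origin protection for the session cookie.
CORS_CONFIG = {"cors-origins": ["*"], "cors-methods": ["GET", "POST"]}

CHROME_MISSING_ACAO = ("No 'Access-Control-Allow-Origin' header is present "
                       "on the requested resource.")


def preflight_headers(request: dict, config: dict = CORS_CONFIG) -> Optional[dict]:
    """Headers a CORS-aware proxy should send on an OPTIONS preflight.

    Returns None when the preflight must be refused (missing Origin or
    Access-Control-Request-Method, origin not allowed, method not allowed).
    Reference model of the expected behaviour, not Gatekeeper's own code.
    """
    origin = request.get("Origin")
    method = request.get("Access-Control-Request-Method")
    if not origin or not method:
        return None
    allowed_origins = config.get("cors-origins", [])
    allowed_methods = [m.upper() for m in config.get("cors-methods", [])]
    if "*" not in allowed_origins and origin not in allowed_origins:
        return None
    if method.upper() not in allowed_methods:
        return None
    # Echo the concrete origin rather than '*': the proxy's session cookie
    # makes the real request credentialed, and browsers reject a wildcard
    # Access-Control-Allow-Origin on credentialed responses.
    headers = {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Methods": ", ".join(allowed_methods),
        "Vary": "Origin",
    }
    requested = request.get("Access-Control-Request-Headers")
    if requested:
        headers["Access-Control-Allow-Headers"] = requested
    return headers


def explain_block(response: dict, origin: str, credentialed: bool = False) -> Optional[str]:
    """Why a browser would reject `response` for a request from `origin`;
    None when the response passes the access control check."""
    acao = response.get("Access-Control-Allow-Origin")
    if acao is None:
        return CHROME_MISSING_ACAO  # exactly the case reported above
    if acao == "*":
        return "wildcard Access-Control-Allow-Origin is rejected with credentials" if credentialed else None
    return None if acao == origin else f"Access-Control-Allow-Origin {acao!r} does not match {origin!r}"
```

Running `explain_block({}, origin)` against the empty header set Gatekeeper returned reproduces Chrome's message; feeding the output of `preflight_headers` instead passes, which is the response to look for in the proxy's verbose log.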

