<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi,<br>
<br>
it seems we are not adding CORS headers to error responses. Could
you create a JIRA for it? We are returning JSON with error
descriptions and details; the only issue is that you were not able
to read those error details due to the CORS headers.<br>
<br>
Marek<br>
<br>
On 30/09/15 10:08, Tair Sabirgaliev wrote:<br>
</div>
<blockquote
cite="mid:etPan.560b9889.1e0126b5.2fea@MacBook-Pro.local"
type="cite">
<style>body{font-family:Helvetica,Arial;font-size:13px}</style>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px; color:
rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><span
style="font-family: 'helvetica Neue', helvetica;">Hi, </span><br
style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">I’m
integrating a web application using angularjs 1.4.6 and
keycloak 1.5.0. </span><br style="font-family: 'helvetica
Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">The
application and keycloak app-servers are on different ports. </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">The
application works ok when the session is not expired. </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">After
session expiration keycloak.updateToken() fails with </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">400 Bad
Request. Chrome shows the following in the console: </span><br
style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">XMLHttpRequest
cannot load </span><a moz-do-not-send="true"
href="http://localhost:8080/auth/realms/demo/protocol/openid-connect/token"
style="font-family: 'helvetica Neue', helvetica;">http://localhost:8080/auth/realms/demo/protocol/openid-connect/token</a><span
style="font-family: 'helvetica Neue', helvetica;">. No
'Access-Control-Allow-Origin' header is present on the
requested resource. Origin '</span><a moz-do-not-send="true"
href="http://localhost:9080" style="font-family: 'helvetica
Neue', helvetica;">http://localhost:9080</a><span
style="font-family: 'helvetica Neue', helvetica;">' is
therefore not allowed access. The response had HTTP status
code 400. </span><br style="font-family: 'helvetica Neue',
helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">The
behavior is the same with Safari and Firefox. </span><br
style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">If I get
it right, this 400 response from keycloak shouldn’t be </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">interpreted
as CORS failure by browsers? </span><br style="font-family:
'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">This is the
keycloak response when the session is alive: </span><br
style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
--> HTTP/1.1 200 OK </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
X-Powered-By: Undertow/1 </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Server: WildFly/9 </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Access-Control-Expose-Headers:
Access-Control-Allow-Methods </span><br style="font-family:
'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Date: Tue, 29 Sep 2015 04:54:52 GMT </span><br style="font-family: 'helvetica
Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Connection: keep-alive </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Access-Control-Allow-Origin: </span><a
moz-do-not-send="true" href="http://localhost:9080/"
style="font-family: 'helvetica Neue', helvetica;">http://localhost:9080</a><span
style="font-family: 'helvetica Neue', helvetica;"> </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Access-Control-Allow-Credentials: true </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Transfer-Encoding: chunked </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Content-Type: application/json </span><br
style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">And this
one with session expired: </span><br style="font-family:
'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
--> HTTP/1.1 400 Bad Request </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Connection: keep-alive </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
X-Powered-By: Undertow/1 </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Server: WildFly/9 </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Transfer-Encoding: chunked </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Content-Type: application/json </span><br
style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Date: Tue, 29 Sep 2015 04:55:03 GMT </span><br style="font-family: 'helvetica
Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">So my
concerns are: </span><br style="font-family: 'helvetica Neue',
helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">1. Why do
CORS headers depend on session validity? This caused much
confusion for me, </span><br style="font-family: 'helvetica
Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">because
I thought there is a problem with CORS, until I understood
this was a session problem. </span><br style="font-family:
'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">2. I
think it would also be great to have some more context on
error responses </span><br style="font-family: 'helvetica
Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">(like
returning some json with error description), because HTTP
responses are too generic. </span><br style="font-family:
'helvetica Neue', helvetica;">
</div>
<br>
<div id="bloop_sign_1443600488081101824" class="bloop_sign">
<div style="font-family:helvetica,arial;font-size:13px">-- <br>
Tair Sabirgaliev</div>
<div style="font-family:helvetica,arial;font-size:13px">Bee
Software, LLP</div>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
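<div>The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Keycloak code: a simplified model of the browser's CORS response check applied to the two header dumps quoted above, plus the effect of attaching CORS headers to the error response as well. The response bodies, the function names and the allow-list are constructed for illustration.</div>

```javascript
// Added example: a simplified model of the browser's CORS check, not Keycloak code.
// Header sets are copied from the two dumps in the quoted message.
const APP_ORIGIN = "http://localhost:9080";

const tokenOk = {
  status: 200,
  headers: {
    "access-control-allow-origin": "http://localhost:9080",
    "access-control-allow-credentials": "true",
    "content-type": "application/json",
  },
  body: '{"access_token":"(placeholder)"}', // constructed body
};

const tokenExpired = {
  status: 400,
  headers: { "content-type": "application/json" },
  body: '{"error":"invalid_grant"}', // constructed body
};

// The check looks only at headers; the status code plays no part.
function corsReadable(res, origin, credentialed) {
  const allow = res.headers["access-control-allow-origin"];
  if (credentialed) {
    // A wildcard is not accepted for credentialed requests.
    if (allow !== origin) return false;
    return res.headers["access-control-allow-credentials"] === "true";
  }
  return allow === origin || allow === "*";
}

// What page script observes: a failed check surfaces as a network error
// (XHR status 0, no body), so the 400 and its JSON are hidden.
function seenByScript(res, origin, credentialed) {
  if (!corsReadable(res, origin, credentialed)) return { status: 0, body: null };
  return { status: res.status, body: JSON.parse(res.body) };
}

// Server-side fix discussed in the reply: attach CORS headers for an
// allow-listed origin on every response, error responses included.
function addCors(res, origin, allowedOrigins) {
  if (!allowedOrigins.includes(origin)) return res;
  const headers = {
    ...res.headers,
    "access-control-allow-origin": origin,
    "access-control-allow-credentials": "true",
    vary: "Origin",
  };
  return { ...res, headers };
}
```

<div>The allow-list check in addCors keeps the fix from widening access: an origin that is not registered still gets no CORS headers, on success or on error.</div>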
</body>
</html>