<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">https://issues.jboss.org/browse/KEYCLOAK-1886</div> <br> <div id="bloop_sign_1443608712558754816" class="bloop_sign"><div style="font-family:helvetica,arial;font-size:13px">-- <br>Tair Sabirgaliev</div><div style="font-family:helvetica,arial;font-size:13px">Bee Software, LLP</div></div> <br><p class="airmail_on" style="color:#000;">On September 30, 2015 at 16:15:26, Marek Posolda (<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>) wrote:</p> <blockquote type="cite" class="clean_bq"><span><div text="#000000" bgcolor="#FFFFFF"><div></div><div>
<title></title>
<div class="moz-cite-prefix">Hi,<br>
<br>
it seems we are not adding CORS headers to error responses. Could
you create JIRA for it? We are returning JSON with error
descriptions and details, the only issue is that you were not able
to read those error details due to the CORS headers.<br>
<br>
Marek<br>
<br>
On 30/09/15 10:08, Tair Sabirgaliev wrote:<br></div>
<blockquote cite="mid:etPan.560b9889.1e0126b5.2fea@MacBook-Pro.local" type="cite">
<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">
<span style="font-family: 'helvetica Neue', helvetica;">Hi, </span><br style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">I’m
integrating a web application using angularjs 1.4.6 and keycloak
1.5.0. </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">The
application and keycloak app-servers are on different
ports. </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">The
application works ok when the session is not
expired. </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">After
session expiration keycloak.updateToken() fails
with </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">400 Bad
Request. Chrome shows the following in the
console: </span><br style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">XMLHttpRequest cannot
load </span><a moz-do-not-send="true" href="http://localhost:8080/auth/realms/demo/protocol/openid-connect/token" style="font-family: 'helvetica Neue', helvetica;">http://localhost:8080/auth/realms/demo/protocol/openid-connect/token</a><span style="font-family: 'helvetica Neue', helvetica;">.
No 'Access-Control-Allow-Origin' header is present on the requested
resource. Origin '</span><a moz-do-not-send="true" href="http://localhost:9080%27" style="font-family: 'helvetica Neue', helvetica;">http://localhost:9080'</a><span style="font-family: 'helvetica Neue', helvetica;"> is
therefore not allowed access. The response had HTTP status code
400. </span><br style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">The
behavior is same with Safari and Firefox. </span><br style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">If I get it
right, this 400 response from keycloak shouldn’t
be </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">interpreted
as CORS failure by browsers? </span><br style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">This is
keycloak response when session is alive: </span><br style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
--> HTTP/1.1 200 OK </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
X-Powered-By:
Undertow/1 </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Server:
WildFly/9 </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Access-Control-Expose-Headers:
Access-Control-Allow-Methods </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Date: </span><a moz-do-not-send="true" href="http://airmail.calendar/2015-09-29%2010:54:52%20GMT+6" style="font-family: 'helvetica Neue', helvetica;">Tue, 29 Sep 2015
04:54:52 GMT</a><span style="font-family: 'helvetica Neue', helvetica;"> </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Connection:
keep-alive </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Access-Control-Allow-Origin: </span><a moz-do-not-send="true" href="http://localhost:9080/" style="font-family: 'helvetica Neue', helvetica;"></a><a class="moz-txt-link-freetext" href="http://localhost:9080">http://localhost:9080</a><span style="font-family: 'helvetica Neue', helvetica;"> </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Access-Control-Allow-Credentials:
true </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Transfer-Encoding:
chunked </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Content-Type:
application/json </span><br style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">And this
one with session expired: </span><br style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
--> HTTP/1.1 400 Bad
Request </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Connection:
keep-alive </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
X-Powered-By:
Undertow/1 </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Server:
WildFly/9 </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Transfer-Encoding:
chunked </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Content-Type:
application/json </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">
Date: </span><a moz-do-not-send="true" href="http://airmail.calendar/2015-09-29%2010:55:03%20GMT+6" style="font-family: 'helvetica Neue', helvetica;">Tue, 29 Sep 2015
04:55:03 GMT</a><span style="font-family: 'helvetica Neue', helvetica;"> </span><br style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">So my
concerns are: </span><br style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">1. Why CORS
headers depend on session validity? This caused much confusion for
me, </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">because I
thought there is a problem with CORS, until I understood this
was session problem. </span><br style="font-family: 'helvetica Neue', helvetica;">
<br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">2. I think
it would also be great to have some more context on error
responses </span><br style="font-family: 'helvetica Neue', helvetica;">
<span style="font-family: 'helvetica Neue', helvetica;">(like
returning some json with error description), because HTTP responses
are too generic. </span><br style="font-family: 'helvetica Neue', helvetica;"></div>
<br>
<div id="bloop_sign_1443600488081101824" class="bloop_sign">
<div style="font-family:helvetica,arial;font-size:13px">
-- <br>
Tair Sabirgaliev</div>
<div style="font-family:helvetica,arial;font-size:13px">Bee
Software, LLP</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
</pre></blockquote>
<br>
</div></div></span></blockquote></body></html>