I like the idea of not having to specify the web-origins, but I wonder if there are
use-cases for having web-origins that can't be calculated from the redirect-uris.
Also, the web-origins is used by Keycloak's own endpoints. In this case
"Cross-Origin Tokens" doesn't make sense.
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
Sent: Tuesday, 20 May, 2014 2:10:45 PM
Subject: [keycloak-dev] cors setup simplification?
CORS setup is confusing to people. I'm going to remove the web-origins
setting from the admin console. Instead there will be a on/off switch
that says "Cross-Origin Tokens (CORS)". Tokens created for those types
of clients will have the token's origins calculated by iterating over
the redirect uri list.
JBoss, a division of Red Hat
keycloak-dev mailing list