Permitting the Location header has to be changed in the admin endpoints on the Keycloak server side. Adding those properties to keycloak.json only control CORS headers for services in your own application.

Please create a JIRA issue for this, you can mark it as a bug as the admin endpoints should support CORS.

On 16 May 2016 at 23:58, Alex Gouvêa Vasconcelos <alexgv99@gmail.com> wrote:

I'm trying to follow the link obtained in a 201 (user created) in the Keycloak API but I can't access the "location" header which should be returned in the response...

$http.post(url, user)
.then(
function(response) { console.log(response.headers()); },
function(error) {}
)

The whole response.header() collection is empty... yet, the chrome developer console shows the url to the new resource...

I think, maybe this is related to the problem described here (http://www.aaron-powell.com/posts/2013-11-28-accessing-location-header-in-cors-response.html), but I have tryed to add the following lines to my keycloak.json and yet no success:
"enable-cors": true,
"cors-allowed-headers": "Location"

Could anyone help me with that issue?

Regards.
Alex Gouvêa Vasconcelos

_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev