Re: [keycloak-dev] bug: how did javascript adapter ever work?

Maybe its just a firefox thing? The preflight sets the ACCESS_CONTROL_ALLOW_ORIGIN, but I think firefox doesn't remember this and expects the same header for the POST response to code to token. On Sun, Apr 8, 2018 at 9:04 PM, Bill Burke <bburke(a)redhat.com&gt; wrote: > Does our javascript adapter use code to token flow by default? Is > that the preferred mechanism? I don't think anybody is using it and > has never used it if so, because...its broken. > > I'm integrating with a non-keycloak html5 app that is using code to > token and the code to token request is failing with a CORS error. > This is because we do not set allowed origins in TokenEndpoint: > > https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o... > > Embarrassing? Or am i missing something? > > -- > Bill Burke > Red Hat -- Bill Burke Red Hat