). We need to fix this before releasing :/
----- Original Message -----
From: "Stian Thorgersen" <stian(a)redhat.com>
To: "Bill Burke" <bburke(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Wednesday, 10 September, 2014 2:11:34 PM
Subject: Re: [keycloak-dev] Are we all set?
We also need to reduce info level log output from adapters. I did this for
the server for rc-2, but completely forgot about adapters. Marek is already
working on this, and I guess it shouldn't take very long.
----- Original Message -----
> From: "Stian Thorgersen" <stian(a)redhat.com>
> To: "Bill Burke" <bburke(a)redhat.com>
> Cc: keycloak-dev(a)lists.jboss.org
> Sent: Wednesday, 10 September, 2014 10:37:15 AM
> Subject: Re: [keycloak-dev] Are we all set?
>
>
>
> ----- Original Message -----
> > From: "Bill Burke" <bburke(a)redhat.com>
> > To: "Marek Posolda" <mposolda(a)redhat.com>, "Stian
Thorgersen"
> > <stian(a)redhat.com>
> > Cc: keycloak-dev(a)lists.jboss.org
> > Sent: Wednesday, 10 September, 2014 3:09:20 AM
> > Subject: Re: [keycloak-dev] Are we all set?
> >
> >
> >
> > On 9/9/2014 5:47 PM, Marek Posolda wrote:
> > > Hi,
> > >
> > > I am sorry to not help more with the release as I needed to work
> > > especially on some portal related stuff last weeks (hopefully it's
gone
> > > now)...
> > >
> > > Found couple of things:
> > > * AccountService is actually broken for me in Chrome due to latest CSRF
> > > stuff. In FF it works fine, but in Chrome I can't update account or
> > > password. For some reason Chrome is always adding "Origin"
header to
> > > the
> > > update requests (even if they are not ajax requests). So the newly
> > > added
> > > condition for CSRF in AccountService.init will always fail. I have
> > > Chrome 37.0.2062.94 (64-bit) .
> > >
> >
> > Ok, I thought Origin header wasn't supposed to be sent with Browser
> > requests. I can probably fix this by allowing same origin.
>
> Added fix to allow same origin. I also added check of 'Referer' header to
> make sure it's same origin as well.
>
> >
> >
> > > * ServerInfo request (
http://localhost:8080/auth/admin/serverinfo) is
> > > not available with CORS . I've created JIRA
> > >
https://issues.jboss.org/browse/KEYCLOAK-670 and send PR
> > >
https://github.com/keycloak/keycloak/pull/683 for this, which is adding
> > > authentication for ServerInfoAdminResource and then it use allowOrigins
> > > from the authenticated bearer token. Admin console is already using
> > > bearer token for sending ServerInfo requests, so no changes are needed
> > > here. I believe that ServerInfoAdminResource should be authenticated
> > > (don't know why stuff like available social providers or themes
should
> > > be publicly available). Let me know if you seeing issues with it. I did
> > > not merge PR so far as version in master is already changed to
> > > 1.0-Final
> > > so not sure what is the state of the release .
> > >
> >
> > Merge it.
> >
> > > * Realm public resource (
http://localhost:8080/auth/realms/master) is
> > > also not available for CORS requests. Not sure if this is an issue or
> > > not? Thing is that unauthenticated requests can't use CORS at this
> > > moment as I don't know what allowedOrigins to use. Only option is to
> > > allow it for all allowedOrigins (send same
> > > "Access-Control-Allow-Origin"
> > > as original value of "Origin" header from the request)
> > >
> > > * There is still quite a lot of INFO logging . For example when I send
> > > product request from the cors-demo example I have 6 new INFO messages
> > > in
> > > log (Mainly from org.keycloak.adapters package)
> > >
> >
> > Ping me on your status tomorrow (Wednesday). I'll complete whatever you
> > don't finish above.
> >
> > Thanks.
> >
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> >
http://bill.burkecentral.com
> >
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev