-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Yes, there are two apps in the game:
- - frontend, with
as an allowed origin
- - backend, bearer-only, without origins defined
Frontend is an HTML-only application, while backend is a REST-only API.
- - Juca.
On 04/03/2014 04:20 PM, Stian Thorgersen wrote:
Have you specified any web origins for your application?
----- Original Message -----
> From: "Juraci Paixão Kröhling" <juraci(a)kroehling.de> To:
> keycloak-user(a)lists.jboss.org Sent: Thursday, 3 April, 2014
> 3:14:50 PM Subject: Re: [keycloak-user] CORS only for OPTIONS?
>
On 04/03/2014 03:25 PM, Bill Burke wrote:
>>> Authenticated, non-preflight requests are handled.
>>> Non-authenticated requests are not handled.
Ok, I'm not sure if you mean that the second part is for
"non-preflight" as well. In any case, the authorization header is
not sent on the preflight (understandably), so, I guess you meant
"non-authenticated" on the first part.
A couple of requests/responses from my application, to illustrate
what is currently happening:
Pre-flight (OPTIONS) request, without authentication (CORS sent) -
http://pastebin.com/45raBqy0
Non-preflight (POST), authenticated (no CORS sent):
http://pastebin.com/E9B6iaAE
Because of the second request, Chrome (and possibly other
browsers) will not deliver the response to the web application,
even though it executed the request (as it was allowed by the CORS
from the first request).
Is this how it should be, or is there a bug somewhere?
- Juca.
> _______________________________________________ keycloak-user
> mailing list keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iQEcBAEBCgAGBQJTPW7WAAoJEDnJtskdmzLM9YEH/3xE0Czb06QSpN/tJYBh93wn
rUcGXwiH3PqVtOqJcBmCWfYD734Zqe2ZfG2UN3E12VT4gWuA73SlE2lhHqt5/KS+
6G4gKuH45EXkO3GgdpTm60qPIRpBQbR0UjFo+k1dhR/f4ck3VR2uPLmmWvAeREpG
sMlu8ZbR/S0EO6by69Lp3l3TcXYKuYdEDBK404i7Js46r8IgMAE4c/Mx8ZtRTAQa
1liqg5YQ16DkuBd0m45Vhdk1gseSe+vUHSOyF46+J/daOn4THsaLMebYKXAAAp3s
uIG3tMyKx/q6E7pICHD+/iW04NlPoHevcbFlLhSnwz8O8oH19Yr4WuYcSKKhaTI=
=SfMO
-----END PGP SIGNATURE-----