Group
I have an angular spa deployed on host A - apache httpd (static content)
making REST api calls into a spring-boot
hosted by host B. The 2 servers are different domains.
Spa is protected by Keycloak.js. Am able to bring in the index. When I
click on a rest call,
browser sends over first OPTIONS request to make sure server B is ready to
accept since it is an XHR cross domain call.
But the problem is that OPTIONS is being sent without Authorization:
Bearer 'token' and so the rest webserver rejects the call
with 401 -Unauthorized. Each REST call from the SPA to the cross domain
REST is rejected.
Am I the first one to hit this?
I saw people solving this with regular un-secured apps, but in my case
Keycloak using spring-security rejects it.
Anyone in the group can help me - anyone has deployed the client and
server (being bearer keycloak protected) and solved
this problem.
Have tried various things inside spring-boot to allow options/cors, etc -
none worked.
Thank you for help.