For now, you have to deal with CORS "manually" on the server side. I think Spring has a annotation like "@CrossOrigin".

On Tue, Aug 2, 2016 at 5:30 PM, Robert van Loenhout <r.vanloenhout@greenvalley.nl> wrote:

I'm using the keycloak javascript adapter and the spring security adapter for my REST service.

The REST service is configured as a client with 'bearer-only' access type.

The javascript client is authenticated. When it does an ajax call to my REST service I receive the following error in my browser:

 

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:30001/rest1/greeting. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

 

I have added

"enable-cors": true

to my REST keycloak configuration.

However where do I configure which origins are allowed?

 

For 'public' and 'confidential' clients you can configure the web origins in the admin console.

But when I set it to 'bearer-only' this field is gone.

 

So what exactly are the steps you have to take to configure a javascript client that call a REST service on another host?

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user