On 6/19/15 02:52, Bill Burke wrote:
Yeah, sorry, that was a stupid response to your question by me...I
wasn't thinking....
Yeah, you're screwed. :) There is no way around it. I guess the adapter
could set a cookie on bearer-only requests like it does for auth-code
requests and then authenticate via the cookie next time around, but then
you are vulnerable to CSRF attacks.
Got this one:
https://developer.mozilla.org/en-US/docs/Using_files_from_web_application...
Didn't try yet, but looks promising.
The idea is to load the resource with XHR and render it in iframe using
Object URLs.
On 6/18/2015 4:45 PM, Tair Sabirgaliev wrote:
>
>
> On 6/19/15 02:21, Bill Burke wrote:
>> invoke the rest service via XHR , then render the <iframe>?
>
> The problem is when iframe tries to download its contents, keycloak
> adapter doesn't let it through. I assume this is because iframe doesn't
> sent Authorization header.
>
>>
>> On 6/18/2015 3:44 PM, Tair Sabirgaliev wrote:
>>> Any idea on this?
>>>
>>> --
>>> Tair Sabirgaliev
>>> Bee Software, LLP
>>>
>>> On June 11, 2015 at 20:41:25, Tair Sabirgaliev (tair.sabirgaliev(a)bee.kz
>>> <mailto:tair.sabirgaliev@bee.kz>) wrote:
>>>
>>>> Hi!
>>>>
>>>> I have a REST resource /rest/some/pdf in bearer-only application. The
>>>> client app uses angular, I have setup it according to keycloak demos.
>>>> On my angular page i have an <iframe src=“/rest/some/pdf”….>. I
can’t
>>>> pass auth headers to iframe url. What is the right thing to do here?
>>>>
>>>> Thank you!
>>>>
>>>>
>>>> --
>>>> Tair Sabirgaliev
>>>> Bee Software, LLP
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>