(forgot including user list) Are you using keycloak-auth-utils on your frontend application ? Why not the JavaScript library ? Also have you configured the "Web Origins" field of your client in the Keycloak Web Console ? On Wed, Jun 28, 2017 at 3:09 PM, Karol Buler <K.Buler(a)adbglobal.com&gt; wrote: > Hi Everyone, > > We have problem with CORS. We are using this lib: > https://www.npmjs.com/package/keycloak-auth-utils in our JavaScript > application. > > When we try to get AccessToken we are getting this message: > > Fetch API cannot load http://<keycloak_address>/auth > /realms/master/protocol/openid-connect/token. Request header field > x-client is not allowed by Access-Control-Allow-Headers in preflight > response. > > We tried to modify CORS headers in standalone.xml file of Keycloak's > server, but we found that CORS headers are hardcoded and added "in air". > > Best regards, > Karol Buler > > [https://www.adbglobal.com/wp-content/uploads/adb.png] > connecting lives > connecting worlds > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Hi, This is a perfect response from your browser. X-client is a custom header and not allowed out of the box. I think either you should strip that header from your request to Keycloak or modify Keycloak to allow that header or some sort (not recommend). You could also modify your standalone configuration to add a response header but that's not really recommended either. > -----Oorspronkelijk bericht----- > Van: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user- > bounces(a)lists.jboss.org] Namens Karol Buler > Verzonden: donderdag 29 juni 2017 10:30 > Aan: keycloak-user(a)lists.jboss.org > Onderwerp: Re: [keycloak-user] Fwd: CORS's problem with JavaScript's > library > > We are using keycloak-auth-utils because our application isn't strict frontend. > It is something like "middle-end" app. We can't use e.g. code flow > authentication. > > Secondly... yes, We applied "*" to "Web Origins". > > > On 28.06.2017 16:47, Sebastien Blanc wrote: >> (forgot including user list) >> >> Are you using keycloak-auth-utils on your frontend application ? Why >> not the JavaScript library ? >> Also have you configured the "Web Origins" field of your client in the >> Keycloak Web Console ? >> >> On Wed, Jun 28, 2017 at 3:09 PM, Karol Buler <K.Buler(a)adbglobal.com&gt; > wrote: >>> Hi Everyone, >>> >>> We have problem with CORS. We are using this lib: >>> https://www.npmjs.com/package/keycloak-auth-utils in our JavaScript >>> application. >>> >>> When we try to get AccessToken we are getting this message: >>> >>> Fetch API cannot load http://<keycloak_address>/auth >>> /realms/master/protocol/openid-connect/token. Request header field >>> x-client is not allowed by Access-Control-Allow-Headers in preflight >>> response. >>> >>> We tried to modify CORS headers in standalone.xml file of Keycloak's >>> server, but we found that CORS headers are hardcoded and added "in > air". >>> Best regards, >>> Karol Buler >>> >>> [https://www.adbglobal.com/wp-content/uploads/adb.png] >>> connecting lives >>> connecting worlds >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user