[aerogear-dev] Aerogear UPS + Keycloak cartridge combined together POC

Apostolos Emmanouilidis aemmanou at redhat.com
Wed Feb 5 04:46:12 EST 2014


This case appears because Chrome and Safari send the Origin
header on same-origin PUT, DELETE & POST requests.
Firefox, on the other hand, does not send the Origin header on
same-origin requests. As the Keycloak team explained to me,
in most JS/HTML apps you'd add the origin part of the base URL as a web origin
in the application's settings through the Keycloak administration
console.
However, this does not apply to non-JS based apps, and that's why the base
URL is not automatically considered a web origin.

Request Method:POST
Request Headers
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,el;q=0.6
Connection:keep-alive
Content-Length:15
Content-Type:application/json
Cookie:JSESSIONID=Tw9NmJjHUlRO6JnimwyzS1w3.undefined
Host:agpushkeycloak-mobileqa.rhcloud.com
Origin:http://agpushkeycloak-mobileqa.rhcloud.com
Referer:http://agpushkeycloak-mobileqa.rhcloud.com/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
X-Requested-With:XMLHttpRequest

On Tue, 2014-02-04 at 18:13 +0100, Karel Piwko wrote:

> * Ember in UPS is firing AJAX requests to REST endpoints on the same domain.
>   However, as it goes through the Keycloak Auth Server, this is considered a
>   CORS request. I had to configure a Web Origin for the UPS application. This
>   is confusing to me; the Origin header should be transparent for Keycloak as
>   I'm firing requests to the same domain. Note this does not happen in Firefox,
>   which identifies the same domain and avoids the Origin header. I need some
>   insight here from more skilled people.
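
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Keycloak's code: a server-side Origin check that accepts only configured web origins rejects Chrome's same-origin POST but lets Firefox's through, unless the request's own origin is configured or explicitly trusted. The names checkOrigin, normalizeOrigin and trustSameOrigin are hypothetical.

```javascript
// Added example, not Keycloak code; function and option names are hypothetical.

// Reduce a URL or Origin value to scheme://host[:port]; null if not http(s).
function normalizeOrigin(value) {
  try {
    const u = new URL(value);
    if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
    return u.origin; // host lowercased, default port dropped
  } catch (e) {
    return null; // e.g. the literal "null" origin or a malformed value
  }
}

// scheme: what the server knows the request arrived on (assumption: taken from
// the listener or a trusted proxy, never from the client). Host should likewise
// be validated against the server's known names before it is used here.
function checkOrigin(headers, scheme, webOrigins, opts = {}) {
  const raw = headers['origin'];
  if (raw === undefined) {
    // Firefox on a same-origin XHR: no Origin header, so no CORS decision.
    return { allowed: true, reason: 'no-origin-header' };
  }
  const origin = normalizeOrigin(raw);
  if (origin === null) return { allowed: false, reason: 'unparseable-origin' };
  if (webOrigins.map(normalizeOrigin).includes(origin)) {
    return { allowed: true, reason: 'configured-web-origin' };
  }
  // Chrome/Safari on same-origin POST/PUT/DELETE: Origin equals our own origin.
  const own = normalizeOrigin(`${scheme}://${headers['host']}`);
  if (opts.trustSameOrigin && own !== null && origin === own) {
    return { allowed: true, reason: 'same-origin' };
  }
  return { allowed: false, reason: 'origin-not-allowed' };
}

// Constructed requests modelled on the header dump in the message.
const HOST = 'agpushkeycloak-mobileqa.rhcloud.com';
const chromePost = { host: HOST, origin: `http://${HOST}` };
const firefoxPost = { host: HOST };

console.log('firefox, no web origins:', checkOrigin(firefoxPost, 'http', []).reason);
console.log('chrome, no web origins: ', checkOrigin(chromePost, 'http', []).reason);
console.log('chrome, web origin set: ',
  checkOrigin(chromePost, 'http', [`http://${HOST}`]).reason);
console.log('chrome, trustSameOrigin:',
  checkOrigin(chromePost, 'http', [], { trustSameOrigin: true }).reason);
```

With an empty web-origin list the two browsers get different outcomes for the same same-origin request, which is the discrepancy reported above.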


