[keycloak-dev] [aerogear-dev] Aerogear UPS + Keycloak cartridge combined together POC

Apostolos Emmanouilidis aemmanou at redhat.com
Wed Feb 5 04:46:12 EST 2014

This case appears because Chrome and Safari are sending the Origin
header on same origin PUT, DELETE & POST requests.
On the other side, Firefox does not send the Origin header on same
origin requests. As the Keycloak team explained to me, 
in most JS/HTML apps you'd add origin part of the base url as web origin
in the application's settings through the Keycloak administration
However, this does not apply to non-js based app and that's why the base
url is not automatically considered as web origin.

Request Method:POST
Request Headersview source
Accept:application/json, text/javascript, */*; q=0.01
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/31.0.1650.63 Safari/537.36

On Tue, 2014-02-04 at 18:13 +0100, Karel Piwko wrote:

> * Ember in UPS is firing AJAX request to REST Endpoints on the same domain.
>   However, as it goes through Keycloak Auth Server, this is considered CORS
>   request. I had to configure Web Origin for UPS application. This is
>   confusing to me, Origin header should be transparent for Keycloak as I'm
>   firing request to the same domain. Note this does not happen in Firefox,
>   which identifies same domain and avoids Origin header. I need some insight
>   here from more skilled people.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20140205/3d6a3595/attachment.html 

More information about the keycloak-dev mailing list