[keycloak-dev] Are we all set?
Marek Posolda
mposolda at redhat.com
Tue Sep 9 17:55:11 EDT 2014
On 9.9.2014 23:47, Marek Posolda wrote:
> Hi,
>
> I am sorry to not help more with the release as I needed to work
> especially on some portal-related stuff in the last weeks (hopefully
> it's gone now)...
>
> Found a couple of things:
> * AccountService is actually broken for me in Chrome due to the latest
> CSRF stuff. In FF it works fine, but in Chrome I can't update account
> or password. For some reason Chrome is always adding "Origin" header
> to the update requests (even if they are not ajax requests). So the
> newly added condition for CSRF in AccountService.init will always
> fail. I have Chrome 37.0.2062.94 (64-bit).
Created https://issues.jboss.org/browse/KEYCLOAK-671 with blocker priority.
>
> * ServerInfo request (http://localhost:8080/auth/admin/serverinfo) is
> not available with CORS. I've created JIRA
> https://issues.jboss.org/browse/KEYCLOAK-670 and sent PR
> https://github.com/keycloak/keycloak/pull/683 for this, which is
> adding authentication for ServerInfoAdminResource and then it uses
> allowOrigins from the authenticated bearer token. Admin console is
> already using bearer token for sending ServerInfo requests, so no
> changes are needed here. I believe that ServerInfoAdminResource should
> be authenticated (don't know why stuff like available social providers
> or themes should be publicly available). Let me know if you are seeing
> issues with it. I did not merge PR so far as version in master is
> already changed to 1.0-Final so not sure what is the state of the
> release.
>
> * Realm public resource (http://localhost:8080/auth/realms/master) is
> also not available for CORS requests. Not sure if this is an issue or
> not? Thing is that unauthenticated requests can't use CORS at this
> moment as I don't know what allowedOrigins to use. Only option is to
> allow it for all allowedOrigins (send same
> "Access-Control-Allow-Origin" as original value of "Origin" header
> from the request)
>
> * There is still quite a lot of INFO logging. For example when I send
> a product request from the cors-demo example I have 6 new INFO messages
> in log (mainly from org.keycloak.adapters package)
>
> I will continue with the testing tomorrow.
>
> Marek
>
> On 9.9.2014 20:01, Stian Thorgersen wrote:
>> Yes - I'll do a round of testing tomorrow, but there's nothing outstanding I'm aware of
>>
>> ----- Original Message -----
>>> From: "Bill Burke" <bburke at redhat.com>
>>> To: keycloak-dev at lists.jboss.org
>>> Sent: Tuesday, 9 September, 2014 7:30:16 PM
>>> Subject: [keycloak-dev] Are we all set?
>>>
>>> can I start doing final testing and release Thursday?
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
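
The first item in the message above reports an Origin-based CSRF condition that fails for ordinary same-origin form posts, because Chrome sends "Origin" on them. The following is an added example, not code from Keycloak or from this thread: the class, its methods, the "assumed shape" of the strict check and all sample URLs are assumptions. It contrasts rejecting on the mere presence of the header with comparing its value against the server's own origin and a trusted set.

```java
import java.net.URI;
import java.util.Set;

// Added illustration, not Keycloak code; all names here are hypothetical.
public class OriginCsrfCheck {

    // Reduce a URL or Origin value to scheme://host:port with default ports
    // filled in; returns null for values with no scheme/host (e.g. "null").
    static String normalize(String value) {
        if (value == null) return null;
        try {
            URI u = URI.create(value.trim());
            if (u.getScheme() == null || u.getHost() == null) return null;
            String scheme = u.getScheme().toLowerCase();
            int port = u.getPort() != -1 ? u.getPort() : ("https".equals(scheme) ? 443 : 80);
            return scheme + "://" + u.getHost().toLowerCase() + ":" + port;
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    // Assumed shape of a too-strict condition: any Origin header fails.
    static boolean strictAllows(String origin) {
        return origin == null;
    }

    // Accept when Origin is absent, equals the server's own origin, or is
    // explicitly trusted. An absent Origin proves nothing by itself, so a
    // CSRF token still has to cover that case.
    static boolean allows(String origin, String requestUrl, Set<String> trusted) {
        if (origin == null) return true;
        String o = normalize(origin);
        if (o == null) return false;
        if (o.equals(normalize(requestUrl))) return true;
        return trusted.stream().anyMatch(t -> o.equals(normalize(t)));
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String url = "http://localhost:8080/auth/realms/master/account";
        Set<String> trusted = Set.of("https://app.example.org");
        String[] origins = { null, "http://localhost:8080", "https://app.example.org:443",
                             "http://other.example", "null" };
        for (String o : origins) {
            System.out.printf("Origin=%s strict=%b compared=%b%n",
                    o, strictAllows(o), allows(o, url, trusted));
        }
    }
}
```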