[keycloak-user] CORS only for OPTIONS?
Juraci Paixão Kröhling
juraci at kroehling.de
Thu Apr 3 02:37:28 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 04/02/2014 09:30 PM, Bill Burke wrote:
> Which headers are we not sending back?
The Access-Control-* headers for non-preflight requests (ie: a POST).
Without an additional filter at the application side that adds CORS
headers to the non-OPTIONS requests, the browsers would prevent the
webapp from reading the response.
I guess the question then is: why are the authenticated, non-preflight
requests, not handled? I might be wrong, but I think that KC already
has all the information it needs to handle such requests, no?
Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBCgAGBQJTPQGoAAoJEDnJtskdmzLMDogH/2ZrUhDI3zQysMc735rDmb1u
T12iLE5OgtvQs23GyKvCRFfv827xTXrs+WXDJKI6jiWrraAcoTTLX3CZh702S8Xz
NWNUuv3j7rYKgChSqMnU+y43a2b6K9mQSx59gXRqKWo2mTLKtVFvPnR5CA40bpH2
JZh13pPW1jB/klSBq2ZEe/km+eE3Av5KRE+RqifWVk9ktN43uOjNAnw1oRnIpamO
Ch2GQPDxEXQM7JEmJum8u5IVnAC14juhltk5UiCZFNqnaYa389UAs9J9DlvwgSVr
6s+pBuP2CO17Hwes921DxLZOkFSObAI+0jzZcOLRD61Js9qiB52B844Lxd/hRm0=
=bQkI
-----END PGP SIGNATURE-----
More information about the keycloak-user
mailing list