[keycloak-user] No 'Access-Control-Allow-Origin' header is present on the requested resource

James Falkner jfalkner at redhat.com
Tue Nov 22 09:33:42 EST 2016 

Dang, you'd think I would have remembered that[1]! Guess the ole noggin 
ain't what it used to be..

-James

[1] http://lists.jboss.org/pipermail/keycloak-user/2016-June/006704.html

> Bill Burke <mailto:bburke at redhat.com>
> November 18, 2016 at 3:56 PM
> RHSSO is based on 1.9.8.
>
> Bill
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> James Falkner <mailto:jfalkner at redhat.com>
> November 17, 2016 at 5:50 PM
> Hey Grant - if it's a protected URL, and you've configured web origins 
> correctly for the client, and the adapter, and the browser is sending 
> the right stuff - then Keycloak adapter *should* add the CORS headers. 
> I have a few demos I've created that work in this way, but they all 
> use the official Red Hat SSO product, based on Keycloak 1.9.4.
>
> If you use "curl" with the same headers, does it fail too? See the end 
> of 
> http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html 
> for an example of how to obtain a token and issue a request using curl.
>
> -James
>
>
> Grant Marrow <mailto:grantmarrow at gmail.com>
> November 16, 2016 at 3:51 PM
>
> Hi James
>
> Yes I have used the chrome and firefox  postmaster addon to process 
> the same HTTP GET request to my rest service.
>
> During this request I added the authorisation bearer header with a 
> valid token and it still returned the same error.
>
> The only time it worked was when I  stripped out keycloak completely 
> and just added the standard cors configuration in my web.xml of my 
> service worked successfully. That's why I'm leaning to the fact that 
> it might be a keycloak error.
>
> Regards
> Grant
>
> James Falkner <mailto:jfalkner at redhat.com>
> November 16, 2016 at 3:39 PM
> In the developer console in your browser, can you verify that the 
> proper Authorization header is being passed in the REST call? 
> Something like 'Authorization: bearer <token>'.
>
> -James
>
>
> Grant Marrow <mailto:grantmarrow at gmail.com>
> November 16, 2016 at 3:22 PM
> I'm familiar with cors. I have used the exact same setup with versions 
> 1.3,
> 1.4 and 1.9 version of keycloak. This problem has started since I upgraded
> to version 2.3 if keycloak.
>
> I have also tried adding the cors-enabled-headers and cors-enabled-methods
> properties to the keycloak.json file on my rest service application and
> that did not work as well.
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list