[keycloak-user] Response CORS Headers
Stian Thorgersen
sthorger at redhat.com
Fri Feb 3 03:41:05 EST 2017
I don't know what the issue is as there are no application specific urls in
the well-known configuration. It is static information about Keycloak
server.
On 26 January 2017 at 16:48, Eriksson Fabian <fabian.eriksson at gi-de.com>
wrote:
> Hello!
>
> We are currently facing a problem with CORS-headers and the theme cache
> settings found in standalone/configuration/standalone.xml. We have two
> applications using the same realm, when logging in to the first application
> we first call the /auth/realms/${realm-name}/.well-known/openid-configuration
> to find OIDC configuration and the browser first does an options request
> and the response is showing the correct access-control-allow-origin header
> and the header is cached for as long as the staticMaxAge is set to. But
> when we try to login to the second application the response headers that
> was cached is used and we get the wrong access-control-allow-origin header
> (still pointing to the first application URL).
>
> Our question is; can we configure only this endpoint
> (.../.well-known/openid-configuration) to have a no-cache header but
> leave the rest of the application cached?
>
> BR
> Fabian Eriksson
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list