[keycloak-user] Response CORS Headers

Eriksson Fabian fabian.eriksson at gi-de.com
Thu Jan 26 10:48:40 EST 2017


Hello!

We are currently facing a problem with CORS headers and the theme cache settings found in standalone/configuration/standalone.xml. We have two applications using the same realm. When logging in to the first application, we first call /auth/realms/${realm-name}/.well-known/openid-configuration to find the OIDC configuration; the browser first does an OPTIONS request, the response shows the correct access-control-allow-origin header, and the header is cached for as long as staticMaxAge is set to. But when we try to log in to the second application, the response headers that were cached are used and we get the wrong access-control-allow-origin header (still pointing to the first application's URL).

Our question is: can we configure only this endpoint (.../.well-known/openid-configuration) to have a no-cache header but leave the rest of the application cached?

BR
Fabian Eriksson
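
The caching behaviour described in the message above, as a toy model added here (not part of the original post and not Keycloak or browser code): one cache shared by two origins, with the response marked cacheable only, cacheable with `Vary: Origin`, or `no-cache`. The class and function names, the two origins, the realm name `demo` and the max-age value are constructed for the illustration.

```javascript
// Toy model of an HTTP cache; not Keycloak or browser code.
// Names, origins, realm "demo" and the max-age value are constructed.
// Server: echoes the request Origin into Access-Control-Allow-Origin.
function discoveryResponse(origin, extraHeaders) {
  return { headers: { "access-control-allow-origin": origin, ...extraHeaders } };
}

class ToyCache {
  constructor() { this.entries = new Map(); }
  // Secondary cache key: values of the request headers listed in Vary.
  static varyKey(vary, reqHeaders) {
    return (vary || "").split(",").map(h => h.trim().toLowerCase())
      .filter(Boolean).map(h => `${h}=${reqHeaders[h] ?? ""}`).join("&");
  }

  fetch(url, reqHeaders, server) {
    const stored = this.entries.get(url) || [];
    const hit = stored.find(e => ToyCache.varyKey(e.vary, reqHeaders) === e.key);
    if (hit) return { ...hit.response, fromCache: true };
    const response = server(reqHeaders.origin);
    const cc = response.headers["cache-control"] || "";
    // Simplification: no-cache is modelled as "never reuse without asking the server".
    if (!/no-store|no-cache/.test(cc)) {
      const vary = response.headers["vary"];
      stored.push({ vary, key: ToyCache.varyKey(vary, reqHeaders), response });
      this.entries.set(url, stored);
    }
    return { ...response, fromCache: false };
  }
}

// The browser's CORS check on the response it was handed.
function corsAllowed(response, origin) {
  const acao = response.headers["access-control-allow-origin"];
  return acao === origin || acao === "*";
}

// Two applications in one browser fetch the same discovery URL in turn.
function twoAppLogin(extraHeaders) {
  const cache = new ToyCache();
  const url = "/auth/realms/demo/.well-known/openid-configuration";
  const server = origin => discoveryResponse(origin, extraHeaders);
  return ["https://app1.example", "https://app2.example"].map(origin => {
    const res = cache.fetch(url, { origin }, server);
    return { origin, fromCache: res.fromCache, allowed: corsAllowed(res, origin) };
  });
}
```

With only a max-age, the second application is handed the first application's cached header and fails the CORS check; with `Vary: Origin` or `no-cache` it gets a response generated for its own origin.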

