[keycloak-user] Fwd: CORS's problem with JavaScript's library

Karol Buler K.Buler at adbglobal.com
Wed Jul 12 08:23:28 EDT 2017


Kevin you have 100% right! But we didn't modify Keycloak server and JS 
lib at all. Clean server and clean library have a problem with 
communication.


On 29.06.2017 13:24, Kevin Berendsen wrote:
> Hi,
>
> This is a perfect response from your browser. X-client is a custom header and not allowed out of the box.
> I think either you should strip that header from your request to Keycloak or modify Keycloak to allow that header or some sort (not recommend).
>
> You could also modify your standalone configuration to add a response header but that's not really recommended either.
>
>> -----Oorspronkelijk bericht-----
>> Van: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-
>> bounces at lists.jboss.org] Namens Karol Buler
>> Verzonden: donderdag 29 juni 2017 10:30
>> Aan: keycloak-user at lists.jboss.org
>> Onderwerp: Re: [keycloak-user] Fwd: CORS's problem with JavaScript's
>> library
>>
>> We are using keycloak-auth-utils because our application isn't strict frontend.
>> It is something like "middle-end" app. We can't use e.g. code flow
>> authentication.
>>
>> Secondly... yes, We applied "*" to "Web Origins".
>>
>>
>> On 28.06.2017 16:47, Sebastien Blanc wrote:
>>> (forgot including user list)
>>>
>>> Are you using keycloak-auth-utils on your frontend application ? Why
>>> not the JavaScript library ?
>>> Also have you configured the "Web Origins" field of your client in the
>>> Keycloak Web Console ?
>>>
>>> On Wed, Jun 28, 2017 at 3:09 PM, Karol Buler <K.Buler at adbglobal.com>
>> wrote:
>>>> Hi Everyone,
>>>>
>>>> We have problem with CORS. We are using this lib:
>>>> https://www.npmjs.com/package/keycloak-auth-utils in our JavaScript
>>>> application.
>>>>
>>>> When we try to get AccessToken we are getting this message:
>>>>
>>>> Fetch API cannot load http://<keycloak_address>/auth
>>>> /realms/master/protocol/openid-connect/token. Request header field
>>>> x-client is not allowed by Access-Control-Allow-Headers in preflight
>>>> response.
>>>>
>>>> We tried to modify CORS headers in standalone.xml file of Keycloak's
>>>> server, but we found that CORS headers are hardcoded and added "in
>> air".
>>>> Best regards,
>>>> Karol Buler
>>>>
>>>> [https://www.adbglobal.com/wp-content/uploads/adb.png]
>>>> connecting lives
>>>> connecting worlds
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list