[keycloak-user] CORS response headers
Ricardo Barroetaveña
rbarroetavena at anura.com.ar
Thu Mar 16 18:02:34 EDT 2017
Hi all,
We're a securing a client-side js app with Keycloak and we notice it's not
adding CORS headers when response status code is not successful.
Browser complains about missing 'Access-Control-Allow-Origin' header and it
hides resource error code.
Is there any reason it's not adding the header under this error condition?
Is it a security issue?
Thanks for the help!
Ricardo.
More information about the keycloak-user
mailing list