[keycloak-user] Keycloak Gatekeeper CORS problem
Bruno Oliveira
bruno at abstractj.org
Fri Nov 2 11:14:24 EDT 2018
Thanks for reporting this Geoffrey. I marked you Jira issue for
triage, in this way we can investigate better.
On Wed, Oct 31, 2018 at 2:08 PM Geoffrey Cleaves <geoff at opticks.io> wrote:
>
> I'm having a problem accessing a REST service protected by Gatekeeper via
> AJAX. I have tried many different combinations of settings in the config
> file to no avail. I suspect the Gatekeeper has a bug.
>
> I can access the protected endpoint directly (via Gatekeeper) with no issue
> as there is no CORS. I can use the AJAX method successfully when I use a
> Chrome plugin to enable CORS for these endpoints.
>
> The message from Chrome is:
>
> Access to XMLHttpRequest at 'http://domain.com:3001/endpoint.php' from
> origin 'http://domain2.com:8888' has been blocked by CORS policy: Response
> to preflight request doesn't pass access control check: No
> 'Access-Control-Allow-Origin' header is present on the requested resource.
>
> I see that Chrome only sends an OPTIONS request to Gatekeeper, which does
> not respond with a Access-Control-Allow-Origin header at all, despite my
> config settings below.
>
>
> My config.yml file looks like this:
>
> client-id: {id}
> client-secret: {secret}
> discovery-url: {keyclock end point}
> enable-default-deny: true
> encryption_key: {32characters}
> listen: 0.0.0.0:3000
> redirection-url: http://domain2.com:3001
> upstream-url: http://localhost:8888
> secure-cookie: false
> verbose: true
> #preserve-host: true
> resources:
> - uri: /admin*
> methods:
> - GET
> roles:
> - test-php-api:test1
> - client:test2
> require-any-role: true
> groups:
> - admins
> - users
> - uri: /endpoint.php
> roles:
> - test-php-api:test1
> - uri: /backend*
> roles:
> - test-php-api:test1
> - uri: /public/*
> white-listed: true
> - uri: /favicon
> white-listed: true
> - uri: /css/*
> white-listed: true
> - uri: /img/*
> white-listed: true
> cors-origins:
> - '*'
> cors-methods:
> - GET
> - POST
>
>
> Any ideas?
>
> Geoff
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
- abstractj
More information about the keycloak-user
mailing list