[keycloak-user] 401 causes CORS error

Pavel Maslov pavel.masloff at gmail.com
Wed May 1 16:49:31 EDT 2019


Hi all,

I've observed this issue for a long time now. Standard scenario: a backend
app secured with the Spring Boot Adapter + a frontend app which uses the
keycloak.js library. Two clients are configured (*public* for token
acquisition + *bearer only* for REST calls).

Allowed CORS origins are set to * (Web Origins field for the public client).
application.properties has *keycloak.cors* set to *true*. REST controller
has *@CrossOrigin* annotation.

Everything works as expected. Until: the frontend app sends an erroneous
token in the Authorization header (e.g.: "Bearer blablabla"). As a result,
I get a CORS error, which says:

*Access to XMLHttpRequest at 'https://xxxxxx.herokuapp.com/items' from
origin 'http://localhost:1234' has been blocked by CORS policy: No
'Access-Control-Allow-Origin' header is present on the requested resource.*


If I look at the preflight request though, then the
*Access-Control-Allow-Origin* header is indeed set.

Why that error message then? I must admit this confused me multiple times,
as I thought that I had issues with CORS. Also the frontend logic is
undermined, as I should include a custom interceptor (which I don't want to
do heheh). I tried both 4.8.3.Final and 5.0.0 - same result.

Any ideas? Thanks in advance!


Regards,
Pavel Maslov, MS
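
Added example, not part of the original post and not Keycloak or Spring code: a simplified model of the browser rule behind the console message quoted above, in which the origin check runs on the preflight and again on the actual response, so a 401 without `Access-Control-Allow-Origin` reaches page script as a CORS failure. The function names and all header values are constructed for illustration.

```javascript
// Simplified model of the browser's CORS check for a non-credentialed request
// (the bearer token travels in the Authorization header, not in a cookie).
// All header values below are constructed for illustration.

function lowerCaseKeys(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
}

function originAllowed(headers, origin) {
  const acao = lowerCaseKeys(headers)['access-control-allow-origin'];
  return acao === '*' || acao === origin;
}

// What page script observes for a preflighted cross-origin call.
function diagnose(origin, preflight, actual) {
  if (!originAllowed(preflight.headers, origin)) {
    return { blocked: true, stage: 'preflight', visibleStatus: null };
  }
  // The same check runs again on the actual response, whatever its status.
  if (!originAllowed(actual.headers, origin)) {
    // Script gets a network error; the real status is only in DevTools.
    return { blocked: true, stage: 'actual', visibleStatus: null,
             hiddenStatus: actual.status };
  }
  return { blocked: false, stage: 'actual', visibleStatus: actual.status };
}

const ORIGIN = 'http://localhost:1234';
const PREFLIGHT_OK = { status: 200, headers: {
  'Access-Control-Allow-Origin': ORIGIN,
  'Access-Control-Allow-Headers': 'Authorization' } };
// Constructed 401 without CORS headers, matching the quoted console error.
const REJECTED_NO_CORS = { status: 401, headers: {
  'WWW-Authenticate': 'Bearer' } };
// Constructed 401 that does carry the header.
const REJECTED_WITH_CORS = { status: 401, headers: {
  'WWW-Authenticate': 'Bearer',
  'Access-Control-Allow-Origin': ORIGIN } };

console.log(diagnose(ORIGIN, PREFLIGHT_OK, REJECTED_NO_CORS));
console.log(diagnose(ORIGIN, PREFLIGHT_OK, REJECTED_WITH_CORS));
```

To apply it to a real capture, copy the response headers of the OPTIONS request and of the failing request from the browser's network tab into the two objects.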