Access-Control-Allow-Origin accepted on https://keycloak/auth/realms/MYREALM

spinget · January 25, 2022, 2:05pm

Hello all,

I have a keycloak 16.1 with a realm MYREALM.
When I send a POST request to https://keycloak/auth/realms/MYREALM/protocol/openid-connect/token I can see that if I use an Origin header not whitelisted I don’t get “Access-Control-Allow-Credentials:true” and “Access-Control-Allow-Origin:MYORIGIN” in the response header.
Now if I try a GET request to https://keycloak/auth/realms/MYREALM from any Origin it will be accepted and get that “Access-Control-Allow-Credentials:true” and “Access-Control-Allow-Origin:MYORIGIN” in the response header.
I can’t figure out where to define the accepted origins for this (shorter) path.
Can anyone point me in the right direction?
thx

Topic		Replies	Views
Access-Control-Allow-Origin header missing Securing applications	26	77605	March 8, 2022
Access-Control-Allow-Origin Getting advice	10	1854	August 20, 2021
Keycloak - Preflight missing allow origin header Configuring the server authentication	3	2586	March 15, 2021
No 'Access-Control-Allow-Origin' header is present on the requested resource authentication	0	335	February 23, 2021
Fix CORS problem - No Access Control Allow Origin header is present on the requested resource Configuring the server	7	31288	March 18, 2020

Access-Control-Allow-Origin accepted on https://keycloak/auth/realms/MYREALM

Related Topics