Access-Control-Allow-Origin header missing

Same problem with 12.0.4!

I’m also not able to set up CORS requests to function correctly using 12.0.4 here on our local installation, and I have been searching for quite a while now without finding any clear documentation or hints… Any help would be very much appreciated…

1 Like

It appears the configured web origins for the client are ignored in the token response from the Keycloak server. Perhaps it’s been hardcoded with “*”.
I’ve also been battling this for days.

version: 12.0.4
kubernetes: yes
ingress controller: yes
tls certs installed: yes
Client Access Type: public

@ola.sheryf
Can you link me the Java file with the token response?

Also, how did you solve this?

@apellizzn
This is what I just did that sort of works.
Read this conversation for more details

My setup:

  1. a kubernetes cluster which would apply to any container e.g. docker.
  2. an ingress controller e.g. nginx

As this is a CORS issue, the solution that works so far:

I added an annotation to the Keycloak ingress resource (rule), and to any other service or front end with an ingress resource, as below.
NOTE: the *yourdomain part needs to be replaced with your own domain.

nginx.ingress.kubernetes.io/configuration-snippet: |
  # Echo the request Origin back only when it matches the allowed domain pattern
  if ($http_origin ~ '^https:\/\/(.*\.)?yourdomain\.(com|net)$') {
    set $allow_origin $http_origin;
  }

  # CORS preflight requests need additional options and a different return code
  if ($request_method = 'OPTIONS') {
    more_set_headers 'Access-Control-Allow-Origin: $allow_origin';
    more_set_headers 'Access-Control-Allow-Credentials: true';
    more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
    more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Client-Identifier';
    more_set_headers 'Access-Control-Max-Age: 1728000';
    more_set_headers 'Content-Type: text/plain; charset=UTF-8';
    more_set_headers 'Content-Length: 0';
    return 204;
  }

  # Headers for the actual (non-preflight) response
  more_set_headers 'Access-Control-Allow-Origin: $allow_origin';
  more_set_headers 'Access-Control-Allow-Credentials: true';
  more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
  more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Client-Identifier';

1 Like

I got a solution for this for my localhost.

Just use 127.0.0.1 for all your URLs. Do not use localhost for some URLs and 127.0.0.1 for others.

Both mean the same, yet Keycloak did not understand that.

So the only solution:
use one format from them in your client settings in Keycloak.

127.0.0.1 or localhost

In my case, I found out that it was not working with a trailing slash, so I just had to remove the slash for it to work.

1 Like
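
The localhost versus 127.0.0.1 mismatch and the trailing-slash failure reported in the last two posts come down to how an origin is written. The following is an added example, not code from any poster or from Keycloak. It assumes literal origin entries (wildcards are out of scope) compared by exact string match, which is how browsers check `Access-Control-Allow-Origin`; the function names and sample values are constructed for illustration.

```javascript
// Added example: lint "Web Origins" entries against the Origin a browser sends.
// Assumption: entries are literal origins matched by exact string comparison;
// wildcard entries are not handled here.

// Serialize a URL the way a browser builds the Origin header:
// scheme://host[:port], no path, no trailing slash, default port dropped.
function browserOrigin(pageUrl) {
  return new URL(pageUrl).origin;
}

// Explain why one configured entry does or does not match a request origin.
function checkEntry(entry, requestOrigin) {
  if (entry === requestOrigin) return { entry, match: true, reason: 'exact match' };
  let parsed;
  try {
    parsed = new URL(entry);
  } catch {
    return { entry, match: false, reason: 'not a URL' };
  }
  if (parsed.origin === requestOrigin) {
    // Same origin once normalized, so the configured string has extra characters.
    return { entry, match: false, reason: `not in origin form, use ${parsed.origin}` };
  }
  const req = new URL(requestOrigin);
  const loopback = new Set(['localhost', '127.0.0.1']);
  if (parsed.protocol === req.protocol && parsed.port === req.port &&
      loopback.has(parsed.hostname) && loopback.has(req.hostname)) {
    return { entry, match: false, reason: 'localhost and 127.0.0.1 are different origins' };
  }
  return { entry, match: false, reason: 'different scheme, host or port' };
}

// True only if at least one entry is character-for-character equal to the origin.
function isAllowed(entries, requestOrigin) {
  return entries.some((e) => checkEntry(e, requestOrigin).match);
}

// Constructed sample values, not taken from the thread.
const origin = browserOrigin('http://127.0.0.1:3000/app/login?next=%2F');
const entries = ['http://localhost:3000', 'http://127.0.0.1:3000/', 'http://127.0.0.1:3000'];
for (const e of entries) console.log(checkEntry(e, origin));
```
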