For the needs of our project, we’ve created a plugin to implement a custom REST endpoint by using the following documentation: Server Developer Guide.
By calling this endpoint via a front application, we have a CORS problem: “has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”
However, by using a REST Postman client, we don’t have that problem.
To resolve this issue, we’ve tried to manually add the “Access-Control-Allow-Origin” header in the response using following technics:
return Response.ok().entity(data).header(“Access-Control-Allow-Origin”, “*”).build();
return Cors.add(request, Response.ok().entity(data))
.allowedMethods(“GET”, “PUT”, “POST”, “DELETE”)
.header(“Access-Control-Allow-Headers”, “origin, content-type, accept, authorization”)
.header(“Access-Control-Allow-Methods”, “GET, POST, PUT, DELETE, OPTIONS, HEAD”)
By using a REST Postman client, we’ve observed that some of those technics have allowed us to add the needed header in the response, but the front application still wasn’t working.
To test the theory that we cannot allow all origins, we’ve tried to limit them to the precise ones, which also haven’t given any results.
Adding ‘cors: true’ or ‘“enable-cors”: true’ in keycloak.json of the front application also hasn’t solved this issue.
Could you advise us on the solution to this problem, please?