CORS settings don't work

AAverin · May 24, 2020, 7:14am

I have a following setup
JS React app (js-client) => Node JS Backend (api-client) => Keycloak auth server
For js-client I have set Web Origins to +, so it would work with all valid redirect urls.
api-client is Bearer only, so it doesn’t have cors settings.

Still, after I hit secured endpoint and login user in the browser, keycloak js adapter fails to get tokens, failing with:

Access to XMLHttpRequest at ‘…/protocol/openid-connect/token’ (redirected from ‘…/protocol/openid-connect/token’) from origin ‘http://localhost:8000’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Localhost is also in the valid redirect urls.

Any ideas?

zonaut · May 24, 2020, 7:56am

Make sure your Keycloak client has the following

redirectUris must contain your React url like http://localhost:3000/*
webOrigins must contain your React url like http://localhost:3000

The same goes for the client you use for your backend

AAverin · May 24, 2020, 8:07am

I think I got what’s wrong.

I have Nginx proxy in front of my keycloak. Nginx redirects http to https, this changes the origin of the request and all CORS is getting removed by browsers.

What could be the correct solution here? It doesn’t seem possible to keep CORS headers when doing a redirect to https resource.
Is it somehow possible to force js adapter to request https rather than http right from the beginning?

AAverin · May 24, 2020, 8:11am

Ok, problem solved =)
It was a wrong URL in my configuration.

karolalexander · November 7, 2020, 10:19pm

Hi AAverin,

Can you give some details on how you setup your config ?

Thanks

chefban · November 9, 2020, 7:28am

Hello, excuse me for reopening the discussion after so many months but I have exactly the same problem, which configuration did you change please?

karolalexander · November 9, 2020, 11:09pm

Hi,

If it can help someone, i did find a solution.

Browsers are very stricts about origins of ressources. So, if you want to tests Keycloak in local, the best solution i came up with, is to install nginx in local as reverse proxy. Keycloak and my nodeJS application are behind the proxy, so requests from the browser to ressources appear to be in the same domain.

This configuration is working. I hope my explaination are good

Have a good day

Topic		Replies	Views
CORS Problem - react Securing applications	6	1716	January 13, 2021
Access-Control-Allow-Origin header missing Securing applications	26	77591	March 8, 2022
CORS issue with Keycloak using it in React and Web Origins set Getting advice admin-rest	5	12636	February 15, 2022
No 'Access-Control-Allow-Origin' header is present on the requested resource in Keycloak 21	3	813	February 12, 2024
Fix CORS problem - No Access Control Allow Origin header is present on the requested resource Configuring the server	7	31287	March 18, 2020

CORS settings don't work

Related Topics