command1:
curl -X OPTIONS \
-H "Origin: http://localhost" \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: authorization,x-requested-with" \
-k http://localhost:8080/auth/realms/realmauth/protocol/openid-connect/token \
--silent --verbose 2>&1
output:
* Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 8080 failed: Connection refused
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> OPTIONS /auth/realms/realmauth/protocol/openid-connect/token HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.64.1
> Accept: */*
> Origin: http://localhost
> Access-Control-Request-Method: POST
> Access-Control-Request-Headers: authorization,x-requested-with
>
< HTTP/1.1 200 OK
< Access-Control-Allow-Headers: Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
< X-XSS-Protection: 1; mode=block
< Referrer-Policy: no-referrer
< Date: Tue, 29 Jun 2021 12:04:18 GMT
< Connection: keep-alive
< Access-Control-Allow-Origin: http://localhost
< Access-Control-Allow-Credentials: true
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Content-Type-Options: nosniff
< Content-Length: 0
< Access-Control-Allow-Methods: POST, OPTIONS
< Access-Control-Max-Age: 3600
<
* Connection #0 to host localhost left intact
* Closing connection 0
command2:
curl -X OPTIONS \
-H "Origin: null" \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: authorization,x-requested-with" \
-k http://localhost:8080/auth/realms/realmauth/protocol/openid-connect/token \
--silent --verbose 2>&1
output:
* Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 8080 failed: Connection refused
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> OPTIONS /auth/realms/realmauth/protocol/openid-connect/token HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.64.1
> Accept: */*
> Origin: null
> Access-Control-Request-Method: POST
> Access-Control-Request-Headers: authorization,x-requested-with
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Content-Type-Options: nosniff
< Referrer-Policy: no-referrer
< Content-Length: 0
< Date: Tue, 29 Jun 2021 12:06:58 GMT
<
* Connection #0 to host localhost left intact
* Closing connection 0
With the second output, I can see that it does not have < Access-Control-Allow-Methods: POST, OPTIONS
in the response. I believe this would result in the error in the browser console.
The token request that results in the error is part of the Keycloak initialization, and I don’t think I can set the origin to any other value for the request.
In the case of the browser (as opposed to the iOS app), the origin is set to the domain URL.
In the case of the iOS app, the token request just shows null in the origin.
What should be my next step now?
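An added example, not part of the original post: a small Python check that reads `curl --verbose` preflight output like the two captures above and lists why a browser's CORS preflight check would reject it. The function names are hypothetical and the sample strings are constructed, trimmed copies of the two captures.

```python
SAFELISTED = {"get", "head", "post"}  # methods accepted even when not listed
# Constructed samples: the CORS-relevant lines of the two captures in the post.
REQUEST = """> OPTIONS /auth/realms/realmauth/protocol/openid-connect/token HTTP/1.1
> Origin: {origin}
> Access-Control-Request-Method: POST
> Access-Control-Request-Headers: authorization,x-requested-with
< HTTP/1.1 200 OK
"""
FIRST = REQUEST.format(origin="http://localhost") + """\
< Access-Control-Allow-Headers: Origin, Accept, X-Requested-With, Content-Type, Authorization
< Access-Control-Allow-Origin: http://localhost
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: POST, OPTIONS
"""
SECOND = REQUEST.format(origin="null") + "< X-Content-Type-Options: nosniff\n"

def parse_verbose(text):
    """Split curl --verbose output into request and response header dicts."""
    req, resp = {}, {}
    for line in text.splitlines():
        target = req if line.startswith("> ") else resp if line.startswith("< ") else None
        if target is not None and ":" in line:
            name, value = line[2:].split(":", 1)
            target[name.strip().lower()] = value.strip()
    return req, resp

def csv(value):
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def preflight_failures(text, credentials=False):
    """Return the reasons a browser would reject this preflight (empty list = pass)."""
    req, resp = parse_verbose(text)
    origin, failures = req.get("origin", ""), []
    allow_origin = resp.get("access-control-allow-origin")
    if allow_origin is None:
        failures.append("no Access-Control-Allow-Origin")
    elif allow_origin != origin and (allow_origin != "*" or credentials):
        failures.append("Access-Control-Allow-Origin does not match " + origin)
    if credentials and resp.get("access-control-allow-credentials") != "true":
        failures.append("Access-Control-Allow-Credentials is not true")
    method = req.get("access-control-request-method", "").lower()
    methods = csv(resp.get("access-control-allow-methods", "")) | SAFELISTED
    if method not in methods and ("*" not in methods or credentials):
        failures.append("method not allowed: " + method)
    allowed = csv(resp.get("access-control-allow-headers", ""))
    for name in sorted(csv(req.get("access-control-request-headers", ""))):
        # "*" never covers Authorization and is literal on credentialed requests
        if name not in allowed and ("*" not in allowed or credentials or name == "authorization"):
            failures.append("header not allowed: " + name)
    return failures
```

To check a live endpoint, pass the text produced by the same `curl ... --silent --verbose 2>&1` command to `preflight_failures`.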