The request is not a preflight request, it’s a GET that results in a 302 redirect back to the authentication endpoint. Everything looks right in the headers and cookies, but I’m just not seeing results. I’ve downloaded the KC source and scoured the Cors.java over and over, it clearly is supposed to create an Access-Control-Allow-Origin header. I have withCredentials set to true as well, this is required so the cookies are furnished to KC when the 302 is made. Keycloak has “ (no trailing slash, just like the Origin header) set as the Web Origin. In detail, CORS is a protection system implemented by web browsers to enforce. In this context, an origin refers to the combination of the protocol, domain, and port number a request comes from. The XHR query has Origin set to this (this is minorly obscured, it’s not localhost and is being served from a django dev server): CORS is a security mechanism that enables a server to specify which origins are allowed to access and load resources in a web browser. Try as I might, I cannot get Keycloak to emit the Access-Control-Allow-Origin header. Normally you don’t want XHR following 302 redirects for authentication, but as a test when I redirect the browser window to the refresh_url, the auth framework ensures that I’m redirected back to my API get request, so the original data is fetched. If those headers are not present, the middleware simply generates a 302 redirect, which the axios-based client tries to follow. This middleware tries to detect XHR through Django’s (misguided) is_ajax() function, looking for these headers: When I have the mozilla_django_ middleware enabled, it causes a session refresh every 15 minutes. Now I’m working on a React-based client using openapi-client-axios to do the REST queries. Until now everything has worked fine with pure Django, the browser does first-party SSO renewal requests transparently. Using the mozilla-django-oidc OIDC authentication backend for Django.
(minor obscuration), this has been working well for months. (I have to muddy the URLs because the forum software doesn’t allow new users to post more than 2 links) Also I cannot see Access-Control-Allow-Origin in the network tab, see here. Is there anything wrong with how I am setting the Access-Control-Allow-Origin? I cannot figure out where I am going wrong. I’ve looked at so many versions of this question and nothing has helped. Hello, I know this subject has been beaten to death before, and I’ve spent a good portion of the last 24 hours trying to resolve this and drill down. Yet I still get hit with the 'No Access-Control-Allow-Origin header is present on the requested resource.' I don’t want to use a plugin since that doesn’t really solve the larger problem, and I can’t use a wildcard because Allow-Credentials must be set to true.