Keycloak Cors policy error: No Access-Control-Allow-Origin header
1. Setup Keycloak is running on Server A. A client or backend application is running on Server B. Or both Keycloak and the client or...
https://www.czetsuyatech.com/2019/12/keycloak-cors-policy-error-no-access-control-allow-origin-header.html
1. Setup
- Keycloak is running on Server A.
- A client or backend application is running on Server B.
- Or both Keycloak and the client or backend application are running on the same server
2. Problem
When accessing the backend from the client application we get the error:
URL has been blocked by Cors policy: No "Access-Control-Allow-Origin" header is present on the requested resource.
3. Solution
- Open your Keycloak client.
- Under the Settings tab (selected by default), scroll at the bottom part.
- Look for Web Origins and set it to "*" while testing.
- Valid Redirect URIs can be set to "*" too.
Note that in a production environment, the values of Web Origins and Valid Redirect URIs must be changed. Web Origins is normally the client's address, don't forget to append "*" at the end of the URL.
Sample values of Web Origins (let's say your client is developed using Angular):
- http://localhost:4200/*
- http://localhost:4200
Sample of Redirect URIs
- Could be *
- Or, any URL where you will redirect Keycloak after login
4. Know Issues
4.1 If you just migrated to version >7.0.1, make sure to set the client accessType=public, confidential is now deprecated and is causing CORS issue which is totally unrelated and is hard to debug :-)
Post a Comment