Status: Closed (View Workflow)
Affects Version/s: 6.0.1, 7.0.1
Fix Version/s: None
Steps to Reproduce:
1. to have standalone Keycloak server
2. to have Spring boot app running using integration Keycloak
3. call app's logout endpoint by Angular (I guess Spring-boot-keycloak adds "/logout" and handles it it self)
4. final 302 call from Anular FE will get CORS problem
Docs QE Status:NEW
Hello, we used Keycloak with Java SpringBoot app server.
When our Angular front end calls Post request (which I think invalidates session) "/logout" endpoint of our java app (btw. handler of this call is done by spring boot keycloak) , our app then automatically calls Keycloak, which invalidate token, and redirects user using 302 http status to Keycloak login page. Problem is, there is a CORS preflight Option call (for this last login page fetch done automatically by Angular - as a reaction to 302 http status) which blocks frontend call, even if I set Keycloak configuration properly (first "*" - for disabling - did not work, then "+" - for redirected url, even enumeration of all host/port combination of our backend java app - no hope).
So, once again in one sentence: There are no CORS headers from Keycloak, even Keycloak is configured properly for this (or at least I think it is).
In Spring boot I have:
Frontend request header from Angular is (OUR_PORT == our app port):
_Accept-Encoding gzip, deflate, br
User-Agent Mozilla/5.0 (X11; Ubuntu; Linu…) Gecko/20100101 Firefox/69.0_
_responseheader from Keycloak server:
date Wed, 23 Oct 2019 11:51:38 GMT
Somebody described this problem here, but no response:
Should I call logout in different way?
Thanks for the help.