Red Hat build of Keycloak / RHBK-2639

Unable to use custom handlers for HTTP OPTIONS method in subresources [GHI#36009]


      Before reporting an issue

      [X] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      dist/quarkus

      Describe the bug

      Propagated after upgrade to Quarkus 3.15.2 addressed by https://github.com/keycloak/keycloak/issues/35077.

      For Quarkus 3.15.2, some changes around @HEAD and @OPTIONS handling for sub-resources were made[1]. We are more interested in the @OPTIONS HTTP method that is used in preflight requests. When a sub-resource does not contain a REST handler for @OPTIONS, a default response with default fields like 'Access-Control-Allow-Methods' is returned. However, in some places, we managed the @OPTIONS in a method redirecting to the subresource, so RESTEasy was not able to discover it.

      In that case, different headers (from the new default response) were provided that do not allow some methods hidden in sub-sub-resources.

      It is a breaking change introduced in Quarkus 3.15.2 and addressed by: https://github.com/quarkusio/quarkus/issues/45173

      For instance, the CorsPreflightService is not executed and the default response is returned:

      https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/services/resources/account/AccountLoader.java#L101

      ```
      @Path("{version : v\\d[0-9a-zA-Z_\\-]*}")
      @Produces(MediaType.APPLICATION_JSON)
      public Object getVersionedAccountRestService(final @PathParam("version") String version) {
          if (request.getHttpMethod().equals(HttpMethod.OPTIONS)) {
              return new CorsPreflightService();
          }
          return getAccountRestService(getAccountManagementClient(session.getContext().getRealm()), version);
      }
      ```

      The workaround can be removed after upgrading to Quarkus 3.15.3

      Version

      999

      Regression

      [ ] The issue is a regression

      Expected behavior

      Possibility to use OPTIONS handler in sub-resources redirection

      Actual behavior

      Not possible to use OPTIONS handler in sub-resources redirection

      How to Reproduce?

      Send an HTTP OPTIONS request to http://keycloak-instance/auth/realms/ or http://keycloak-instance/admin/serverinfo.

      Anything else?

      No response
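
A regression check for the behaviour described above, as an added example that is not part of the original issue or of Keycloak's code: it evaluates a preflight response's `Access-Control-Allow-Methods` the way a browser's CORS check would, so a default response that drops methods is caught. The two header sets and the `NEEDED` method set are constructed for illustration, and `fetch_preflight` is a hypothetical helper name.

```python
import urllib.request

# Methods the Fetch standard always permits, whatever the preflight lists.
SAFELISTED = {"GET", "HEAD", "POST"}

def parse_allow_methods(headers):
    """Return the upper-cased set listed in Access-Control-Allow-Methods."""
    for name, value in headers.items():
        if name.lower() == "access-control-allow-methods":
            return {m.strip().upper() for m in value.split(",") if m.strip()}
    return set()

def blocked_methods(headers, needed, credentialed=True):
    """Methods in `needed` that a browser would refuse after this preflight."""
    allowed = parse_allow_methods(headers)
    # "*" is only a wildcard for requests sent without credentials.
    if "*" in allowed and not credentialed:
        return set()
    return {m.upper() for m in needed} - allowed - SAFELISTED

def fetch_preflight(url, origin, method):
    """Hypothetical helper: send the preflight and return its headers."""
    req = urllib.request.Request(url, method="OPTIONS", headers={
        "Origin": origin,
        "Access-Control-Request-Method": method,
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return dict(resp.headers.items())

# Constructed header sets, not captured from a Keycloak instance.
DEFAULT_STYLE = {"Access-Control-Allow-Methods": "OPTIONS, HEAD"}
HANDLER_STYLE = {"access-control-allow-methods": "GET, POST, PUT, DELETE, HEAD, OPTIONS"}
NEEDED = {"GET", "PUT", "DELETE"}  # assumed methods of the sub-sub-resources

if __name__ == "__main__":
    for label, hdrs in (("default", DEFAULT_STYLE), ("handler", HANDLER_STYLE)):
        print(label, "blocks", sorted(blocked_methods(hdrs, NEEDED)))
```

Against a test instance, feed the result of `fetch_preflight` for the two URLs in the reproduction step into `blocked_methods`; a non-empty result means cross-origin callers lose those methods.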

              Unassigned Unassigned
              pvlha Pavel Vlha
              Keycloak Cloud Native