Getting CORS policy error when trying to authorize a user in keycloak using REST api - keycloak

I'm trying to authorize a user in Keycloak using the REST API.
The API call is successful when I call the API from POSTMAN, but when trying from the Angular app I'm getting the error below -
Access to XMLHttpRequest at 'http://localhost:8080/auth/realms/realmname/protocol/openid-connect/token' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Headers and body for the request are below -

Related

Url has been blocked by CORS policy SOAP

I am trying to connect to a SOAP service from the frontend.
Because of "cors policy blocked" I am using Local CORS Proxy, which is described here:
"https://www.npmjs.com/package/local-cors-proxy"
I can see that the request is getting proxied, so there are no errors there.
"Request Proxied -> /Servis/SiparisServis.svc"
But I am still getting this error:
"Access to XMLHttpRequest at 'https://www.myurl.com/Servis/SiparisServis.svc' (redirected from 'http://localhost:8010/proxy/Servis/SiparisServis.svc') from origin 'http://123.0.0.1:2300' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."
Any solution?
I can provide my code if needed.

I get CORS error when I try to access metadata stored on IPFS

I am trying to fetch the metadata I stored on NFT.storage using axios, but each time I get this error:
Access to XMLHttpRequest at 'ipfs://bafyreib6hf354pwtnwxdmfllegogffvkv2dzsrgbithvjbzzewu757bxay/metadata.json' from origin 'http://127.0.0.1:3000' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, chrome-untrusted, https.
I have solved this issue many times when I used to do web2 development but don't know how to do this here.
You cannot directly access ipfs:// prefixed content from a normal browser or JS. Instead, you have to access it through a gateway.
Some popular gateways are ipfs.io, Pinata, Moralis.
This is an example usage of an IPFS gateway:
https://ipfs.io/ipfs/bafyreib6hf354pwtnwxdmfllegogffvkv2dzsrgbithvjbzzewu757bxay/metadata.json
Try making your axios request to this URL.
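As an added example (the editor's, not code from the answer above): the URI rewrite the answer describes, done in a function rather than by hand, so the CID from the question and any other ipfs:// or ipns:// URI stored in NFT metadata can be sent to a gateway. The gateway base URL, the function names and the sample CID with the "Qm" prefix are assumptions made for the demo; the gateway URL layout /ipfs/<cid>/<path> is the one the answer shows.

```javascript
// Added example (editor's, not the answer author's code): turn an ipfs:// or ipns:// URI into
// a URL on an HTTP(S) gateway so that fetch/axios in a browser can request it.
// DEFAULT_GATEWAY is an assumption; any public or self-hosted gateway with the same
// /ipfs/<cid>/<path> layout can be substituted.
const DEFAULT_GATEWAY = "https://ipfs.io";

// CIDv0 is base58btc (starts with "Qm"), CIDv1 is usually lowercase base32 (starts with "b").
// Only the character set is checked, which is enough to stop an untrusted URI from injecting
// "../" or a query string into the gateway path.
const CID_RE = /^[A-Za-z0-9]+$/;
// IPNS names may also be DNSLink hostnames such as docs.ipfs.tech.
const IPNS_NAME_RE = /^[A-Za-z0-9][A-Za-z0-9.-]*$/;

function ipfsToGatewayUrl(uri, gateway = DEFAULT_GATEWAY) {
  const trimmed = String(uri).trim();
  // Plain http(s) URLs (for example an already-rewritten gateway URL) pass through untouched.
  if (/^https?:\/\//i.test(trimmed)) return trimmed;
  const m = /^(ipfs|ipns):\/\/(.*)$/i.exec(trimmed);
  if (!m) throw new Error(`unsupported URI scheme: ${trimmed}`);
  const scheme = m[1].toLowerCase();
  let rest = m[2];
  // Some tools emit the redundant "ipfs://ipfs/<cid>" form; drop the duplicated segment.
  if (rest.toLowerCase().startsWith(scheme + "/")) rest = rest.slice(scheme.length + 1);
  const [root, ...pathParts] = rest.split("/");
  const rootOk = scheme === "ipfs" ? CID_RE.test(root) : IPNS_NAME_RE.test(root);
  if (!rootOk) throw new Error(`invalid ${scheme} identifier in ${trimmed}`);
  const base = gateway.replace(/\/+$/, "");
  const path = pathParts.map(encodeURIComponent).join("/");
  return `${base}/${scheme}/${root}${path ? "/" + path : ""}`;
}

// The request from the question, routed through the gateway. fetch is used instead of axios
// so the example has no dependency; axios.get(ipfsToGatewayUrl(uri)) is the equivalent call.
async function fetchIpfsJson(uri, gateway = DEFAULT_GATEWAY) {
  const res = await fetch(ipfsToGatewayUrl(uri, gateway));
  if (!res.ok) throw new Error(`gateway responded ${res.status} for ${uri}`);
  return res.json();
}
```

Whichever gateway you pick, remember that it now sits between your page and the content: a gateway can serve altered data, so if integrity matters verify the fetched bytes against the CID (or pin the content on a gateway you control) rather than trusting the gateway host.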

Keycloak list all Realms from a SPA

I am implementing an Angular app and want to list all existing realms on the Keycloak server. I configured the realm-management client roles of the logged-in user. Now I am able to list all realms in a REST client (https://keycloakserver/auth/admin/realms) using the login token of this user, but when I do the same in my SPA I end up with a CORS error:
Access to XMLHttpRequest at 'https://keycloakserver/auth/admin/realms' from origin 'https://localhost:9001' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I know how I can configure CORS headers for a specific client, but in my case where do I find the client, or is there another way?
OK, I found the solution: I had to add a + to the Web Origins. I thought it was enough to have the valid redirect URL.

How to inform OAuth2 API clients about missing credentials?

I built a REST API using Vert.x and would like to add OAuth2 authentication.
In my current setup, unauthenticated requests are automatically redirected to the OAuth2 server (Keycloak) login page. This seems wrong when dealing with a REST API. Instead I would expect my REST API server to return a 401 and thus let the client deal with the process of getting the access token.
Is there a best practice for this use case? How should unauthenticated requests to protected resources be handled?
When an access token is missing you should return an HTTP 400. If the token is invalid it would have to be HTTP 401, as shown in https://www.rfc-editor.org/rfc/rfc6750#section-3.1:

3.1. Error Codes

When a request fails, the resource server responds using the appropriate HTTP status code (typically, 400, 401, 403, or 405) and includes one of the following error codes in the response:

invalid_request
The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed. The resource server SHOULD respond with the HTTP 400 (Bad Request) status code.

invalid_token
The access token provided is expired, revoked, malformed, or invalid for other reasons. The resource SHOULD respond with the HTTP 401 (Unauthorized) status code. The client MAY request a new access token and retry the protected resource request.

insufficient_scope
The request requires higher privileges than provided by the access token. The resource server SHOULD respond with the HTTP 403 (Forbidden) status code and MAY include the "scope" attribute with the scope necessary to access the protected resource.

If the request lacks any authentication information (e.g., the client was unaware that authentication is necessary or attempted using an unsupported authentication method), the resource server SHOULD NOT include an error code or other error information.

For example:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="example"
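As an added example (the editor's, not the answer author's Vert.x code): the mapping from the RFC 6750 section 3.1 text quoted above onto concrete status codes and WWW-Authenticate challenges, written as a plain function a request handler can call. The realm name, the token table and the lookupToken stand-in are constructed for the demo; a real resource server would verify a JWT signature or introspect the token at Keycloak instead.

```javascript
// Added example (editor's, not from the question or answer): decide status code and
// WWW-Authenticate challenge for a bearer-protected resource per RFC 6750 section 3.1.
const REALM = "example"; // assumption: realm shown in the challenge, as in the RFC example

// Constructed token table for the demo (not real tokens): one live token with two scopes,
// one that is no longer active.
const DEMO_TOKENS = {
  "good-token": { active: true, scopes: ["read", "write"] },
  "expired-token": { active: false, scopes: [] },
};

// Stand-in for real validation (JWT verification or token introspection). null = unknown/revoked.
function lookupToken(token) {
  return Object.prototype.hasOwnProperty.call(DEMO_TOKENS, token) ? DEMO_TOKENS[token] : null;
}

// RFC 6750 b64token syntax; anything else in the credentials is malformed.
const B64TOKEN = /^[A-Za-z0-9\-._~+/]+=*$/;

// Build the challenge value: always the realm, plus any error attributes.
function challenge(attrs) {
  return [`Bearer realm="${REALM}"`, ...attrs].join(", ");
}

// Locate the access token. Header names are assumed lowercased (as Node's http module
// delivers them); queryToken is the optional ?access_token= form from RFC 6750 section 2.3.
// Returns { token: null } when no bearer credentials were sent at all, { error } when
// credentials were sent but are unusable, otherwise { token }.
function extractBearer(headers, queryToken) {
  const auth = headers["authorization"];
  const bearerHeader = auth !== undefined && /^Bearer(\s|$)/i.test(auth);
  // Sending the token both in the header and in the query is "more than one method".
  if (bearerHeader && queryToken !== undefined) return { error: "invalid_request" };
  if (!bearerHeader) {
    // No header, or a non-Bearer scheme: "no authentication information" in RFC terms.
    if (queryToken === undefined) return { token: null };
    return B64TOKEN.test(queryToken) ? { token: queryToken } : { error: "invalid_request" };
  }
  const m = /^Bearer\s+(\S+)$/i.exec(auth);
  if (!m || !B64TOKEN.test(m[1])) return { error: "invalid_request" };
  return { token: m[1] };
}

// Decide the response for a resource that needs `requiredScope`. Returns { status, headers }
// so a Vert.x or Express handler can copy them onto the real response.
function authorize(headers, requiredScope, queryToken) {
  const { token, error } = extractBearer(headers, queryToken);
  if (error) {
    // Credentials were supplied but are malformed: 400 invalid_request.
    return { status: 400, headers: { "WWW-Authenticate": challenge([`error="${error}"`]) } };
  }
  if (token === null) {
    // Nothing usable was sent: 401 with a bare challenge and, per the RFC, no error code,
    // so the client learns only that Bearer auth is required and can go obtain a token.
    return { status: 401, headers: { "WWW-Authenticate": challenge([]) } };
  }
  const info = lookupToken(token);
  if (info === null || !info.active) {
    return { status: 401, headers: { "WWW-Authenticate": challenge(['error="invalid_token"']) } };
  }
  if (requiredScope && !info.scopes.includes(requiredScope)) {
    return {
      status: 403,
      headers: { "WWW-Authenticate": challenge(['error="insufficient_scope"', `scope="${requiredScope}"`]) },
    };
  }
  return { status: 200, headers: {} };
}
```

Note that the bare 401 for a request with no credentials deliberately reveals nothing beyond the scheme and realm; the error attributes only appear once the client has actually presented something, which keeps the unauthenticated path from leaking whether a given token ever existed.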

Openfire Rest API plugin field Authorization

I have a problem. I'm trying to get access to the Openfire REST API plugin via HTTPS in this way:
https://my-openfire.org.ua:7443/http-bind/plugins/restapi/v1/chatrooms
And I get this error:
Failed to load https://my-openfire.org.ua:7443/http-bind/plugins/restapi/v1/chatrooms: Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.
People, what am I doing wrong?
You need to use the path: https://myopenfire.org.ua:9090/plugins/restapi/v1/chatrooms
(it uses the web interface port) and it's not bound to "http-bind".
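The three CORS errors on this page (the Keycloak token endpoint in the question at the top, the SOAP proxy question, and the Openfire "Authorization is not allowed" error) are all the same browser-side check failing at different stages. As an added example (the editor's, not code from any of the posts), here is a model of that check that reproduces each error string from constructed requests and responses. The request objects, the server responses and the lowercased response header names are assumptions made for the demo, not captured traffic.

```javascript
// Added example (editor's, not from any post above): a model of the checks a browser makes
// before handing a cross-origin XMLHttpRequest/fetch response to script. All requests and
// responses are constructed; response header names are assumed lowercased.
const SAFELISTED_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFELISTED_CONTENT_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];

function splitList(value) {
  return (value || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// A request needs a preflight unless it is GET/HEAD/POST with only safelisted headers and,
// for Content-Type, one of the three form-style media types. This is why the Keycloak token
// POST (form-urlencoded, no Authorization header) fails on the actual response, while the
// SOAP (text/xml) and Openfire (Authorization header) requests fail on the preflight.
function needsPreflight(req) {
  if (!["GET", "HEAD", "POST"].includes(req.method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(req.headers || {})) {
    const n = name.toLowerCase();
    if (!SAFELISTED_HEADERS.has(n)) return true;
    if (n === "content-type" && !SAFELISTED_CONTENT_TYPES.some((t) => value.toLowerCase().startsWith(t))) return true;
  }
  return false;
}

// Validate Access-Control-Allow-Origin (and the credentials rules) on one response.
// Returns null when the origin is accepted, otherwise the browser's reason text.
function checkOrigin(origin, resHeaders, credentials) {
  const acao = resHeaders["access-control-allow-origin"];
  if (acao === undefined) return "No 'Access-Control-Allow-Origin' header is present on the requested resource.";
  if (acao === "*") {
    return credentials
      ? "The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'."
      : null;
  }
  if (acao !== origin) return `The 'Access-Control-Allow-Origin' header has a value '${acao}' that is not equal to the supplied origin.`;
  if (credentials && resHeaders["access-control-allow-credentials"] !== "true") {
    return "The value of the 'Access-Control-Allow-Credentials' header in the response must be 'true' when the request's credentials mode is 'include'.";
  }
  return null;
}

// Full decision for one request. `preflight` is the server's reply to OPTIONS (ignored when no
// preflight is needed) and `response` its reply to the real request. Returns null when the
// browser would hand the response to script, else the text after "blocked by CORS policy:".
function corsDecision(req, preflight, response) {
  const method = req.method.toUpperCase();
  if (needsPreflight(req)) {
    const ph = preflight.headers;
    const originErr = checkOrigin(req.origin, ph, req.credentials);
    if (originErr) return "Response to preflight request doesn't pass access control check: " + originErr;
    const allowedMethods = splitList(ph["access-control-allow-methods"]).map((m) => m.toUpperCase());
    const methodWildcard = allowedMethods.includes("*") && !req.credentials;
    if (!["GET", "HEAD", "POST"].includes(method) && !allowedMethods.includes(method) && !methodWildcard) {
      return `Method ${method} is not allowed by Access-Control-Allow-Methods in preflight response.`;
    }
    const allowedHeaders = splitList(ph["access-control-allow-headers"]);
    for (const name of Object.keys(req.headers || {})) {
      const n = name.toLowerCase();
      // "*" never covers Authorization, and is taken literally when credentials are sent.
      const wildcardOk = allowedHeaders.includes("*") && !req.credentials && n !== "authorization";
      if (!SAFELISTED_HEADERS.has(n) && !allowedHeaders.includes(n) && !wildcardOk) {
        return `Request header field ${name} is not allowed by Access-Control-Allow-Headers in preflight response.`;
      }
    }
  }
  return checkOrigin(req.origin, response.headers, req.credentials);
}

// The request from the question at the top of the page: a simple form POST to the token endpoint.
const KEYCLOAK_TOKEN_REQUEST = {
  origin: "http://localhost:4200",
  method: "POST",
  headers: { "Content-Type": "application/x-www-form-urlencoded" },
  credentials: false,
};
```

Two things follow from the model. First, the fix always belongs on the server that answers the final request: on Keycloak the token and admin endpoints only send Access-Control-Allow-Origin for origins in the calling client's Web Origins, so adding the SPA origin (or "+", which permits the origins of the valid redirect URIs, as the realm-listing answer above found) is the change; "*" would open the endpoint to any origin and is not what you want for a client that handles tokens. Second, the "(redirected from ...)" in the SOAP error means the proxy answered with a redirect to the real host, so the browser ended up evaluating the real host's preflight response, which is exactly what the proxy was meant to avoid.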