8000 [CORS] Allow Access-Control-Allow-Headers customization · Issue #12682 · keycloak/keycloak · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
[CORS] Allow Access-Control-Allow-Headers customization #12682
New issue
New issue
Open
#40011
Open
[CORS] Allow Access-Control-Allow-Headers customization#12682
#40011
Labels
kind/enhancementCategorizes a PR related to an enhancementstatus/triage
@amoscatelli

Description

@amoscatelli
amoscatelli
opened on Jun 23, 2022

Description

Allow customization for CORS Access-Control-Allow-Headers

Discussion

https://keycloak.discourse.group/t/customizing-access-control-allow-headers/7672

Motivation

Keycloak has to support custom headers.
The lacking of this functionality makes keycloak incompatible, for example, with distributed tracing systems (opentelemetry, elastic-agent).

These are some of the headers that are commonly sent :

traceparent
uber-trace-id
x-amzn-trace-id
x-b3-sampled
x-b3-spanid
x-b3-traceid
elastic-apm-traceparent

Details

Access-Control-Allow-Headers are stubbed in

https://github.com/keycloak/keycloak/blob/36da2d20e97a10821c7305881d3ffa343b5ad001/services/src/main/java/org/keycloak/services/resources/Cors.java

Please allow customization for Access-Control-Allow-Headers via GUI (in clients configurations) or via environment variables.

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/enhancementCategorizes a PR related to an enhancementstatus/triage

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0