8000 Check if suspicious log about CORS is correct · Issue #39492 · keycloak/keycloak · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Check if suspicious log about CORS is correct #39492
New issue
New issue
Closed
#39582
Closed
Check if suspicious log about CORS is correct#39492
#39582
Assignees
shawkins
Labels
help wantedkind/bugCategorizes a PR related to a bugpriority/normalrelease/26.3.0status/auto-bumpstatus/auto-expireteam/cloud-native
@lrozenblyum

Description

@lrozenblyum
lrozenblyum
opened on May 6, 2025

Description

Every request to refresh a token is accompanied by a debug log with an issue about CORS

2025-05-06 14:51:29,039 DEBUG [org.keycloak.services.cors.DefaultCors] (executor-thread-7) Invalid CORS request: origin https://192.168.17.10 not in allowed origins []
2025-05-06 14:51:29,040 DEBUG [org.keycloak.events] (executor-thread-7) type="REFRESH_TOKEN" ...

It's suspicious because the client is requesting the exactly the host from which the app is loaded (https://192.168.17.10) for which no CORS should be taken into account.

NOTE: Keycloak and the webapp itself are behind a reverse proxy (nginx) with X-Forwarded headers tuned.

Discussion

No response

Motivation

No response

Details

No response

Metadata

Metadata

Assignees

Labels

help wantedkind/bugCategorizes a PR related to a bugpriority/normalrelease/26.3.0status/auto-bumpstatus/auto-expireteam/cloud-native

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    0