I have webservice protected by gatekeeper(louketo-proxy). When I call protected service via ajax request it won't redirect me to login page. It's showing me message "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:3000/app-name/api/getSession. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)."
Below is the gatekeeper configuration file:
client-id: app_id
client-secret: app_secret
discovery-url: http://127.0.0.1:8080/auth/realms/app_realm
redirection-url: http://127.0.0.1:3000
upstream-url: http://127.0.0.1:8043
enable-logging: true
enable-json-logging: true
verbose: true
enable-session-cookies: true
skip-upstream-tls-verify: true
skip-openid-provider-tls-verify: true
encryption-key: enc_key
listen: 0.0.0.0:3000
secure-cookie: false
enable-logging: true
enable-json-logging: true
enable-refresh-tokens: true
enable-session-cookies: true
enable-cors: true
cors-max-age : 1000
cors-headers:
- Accept
- Content-Type
- Cache-Control
- Pragma
- X-Custom-Header
- Source
debug: true
resources:
- uri: /app/api/v5/stylesheets/key=CSS
white-listed: true
- uri: /app/api/v5/images/key=FAVICON
white-listed: true
- uri: /app/api/v5/*
Keycloak version which I am using is 10.0.2
Did you try to define some allowed CORS origins, like
to try out what happens if you allow everything?