You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[Bug] /admin/admin-ajax.php blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
#7
Open
abdennour opened this issue
Jul 31, 2021
· 2 comments
I setup the plugin with keycloak & everything is going well (login, logout,...) ,
However... except when clicking on the button which generates new shorten link :
I am getting this error on the browser console:
https://yourls.company.com/admin/?state=d27b8870a0a2301dc6ad72c373d89239&session_state=blah-blah-blah&code=BLAHBLAH
Access to XMLHttpRequest at
'https://keycloak.company.com/auth/realms/myrealm/protocol/openid-connect/auth?response_type=code&redirect_uri=http%3A%2F%2Fyourls.company.com%2Fadmin%2Fadmin-ajax.php&client_id=yourls&nonce=ec2c2.........&state=9ab......&scope=openid'
(redirected from 'https://yourls.company.com/admin/admin-ajax.php?action=add&url=https%3A%2F%2FLONG-URL-THAT-IWANT-TO-SHORTEN&keyword=&nonce=8489da0f63') from origin 'https://yourls.company.com' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I'm having the same issue, I think it might be related to yourls / the plugin not respecting the session cookie after authentication and trying to reauthenticate the XHR requests against the openid provider.
Overview
I setup the plugin with keycloak & everything is going well (login, logout,...) ,
However... except when clicking on the button which generates new shorten link :
I am getting this error on the browser console:
steps to reproduce :
Run yourls v1.8.1
Installing the following plugins :
Deploy everything thru the official helm chart
Configure keycloak as following:
Expected Behavior
I would expect that all actions should be authenticated with keycloak without bugs and errors.
Actual Behavior
Actually, the API responsible for generating the shorten link (Which is the main functionality) is not working and it's thrown CORS issue
Attempts to fix :
Unfortunately, it does not work, and i am still getting the same issue.
Tips :
with redhat keycloak, it's not only realm url, client id, and client secret, but also you can pass other atteributes. Is it about supporting other attributes like
"enable-cors": true
. REF: https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/html/securing_applications_and_services_guide/openid_connect_3is this helpful also ? https://stackoverflow.com/a/60258569/747579
The text was updated successfully, but these errors were encountered: