3 min read

Spring Security & Keycloak - CORS Configuration

Spring Security & Keycloak - CORS Configuration

Intro

If you've ever configured a frontend-backend application, you definitely ran into this issue:

✅   GET requests work as expected

❌   POST/PUT/PATCH/DELETE requests return 403 Forbidden even if the security token sent on the requests is correct.

This is happening because of the default CORS configuration.

In this article we're assuming we use a Spring Boot application configured with Spring Security 4.x as a resource server.

This post is for subscribers only


You might also like...

Dec
06
Spring Boot ft. Keycloak - Resource - Authorization Server

Spring Boot ft. Keycloak - Resource - Authorization Server

Can you find a better couple? Recently I was being put in the position of needing to set up the
4 min read
Jun
27
Spring Security (series) - Method authorization #7

Spring Security (series) - Method authorization #7

Spring Security can go deeper than just URL matchers! 🐳 Brief When adding authorization rules to our application, we can either:
3 min read
May
30
#springsecurity

Spring Security (series) - Authorities and Roles #6

Now that we know who you are, let's see what you CAN do 🧐 ! Brief So we got through
3 min read
May
20
#springboot #security #github

Spring Security (series) - GitHub SSO #5

Let GitHub handle the headache of your user management. Brief I always wanted to know how that magic 'Sign
3 min read
May
04
Spring Security (series) - OAuth Grant Types #4

Spring Security (series) - OAuth Grant Types #4

Simple is not always better! Brief Let's start with understanding what a Grant Type actually means.   The OAuth
3 min read