search

zmartzone / lua-resty-openidc

OpenID Connect Relying Party and OAuth 2.0 Resource Server implementation in Lua for NGINX / OpenResty
Apache License 2.0
964 stars 247 forks source link

CORS error on xhr request if logged out #504

Closed MelnykVL closed 9 months ago

MelnykVL commented 9 months ago

Hello,

I have a problem with working in two tabs. When I log in to an app, duplicate tab, log out from the second tab, and return to the first tab where I am still "logged" and make xhr request, I get CORS error.

image image

But if I do the same steps but make not xhr request, everything is ok (I'm redirected to the login page).

image

I tried adding Access-Control-Allow-Origin = header using nginx.conf and lua, set Web origins = in Keycloak but nothing helps Someone can answer why?

Expected behaviour

Redirect to the login page

Actual behaviour

Get CORS error

ogun- commented 2 months ago

@MelnykVL I ran into the same issue. Where you able to solve it? If yes how?