TimeOut Alert error (caused by CORS issue)

asked 2021-10-06 21:56:22 +0800

Ignis11 gravatar image Ignis11
11 1


I have an issue with default TimeOut message due to CORS error: When ZK Desktop is clear due to reboot or timeout, error message only works in http://localhost (Chrome CORS disabled for localhost origin)

When I try to test in server envs, following error appears in the chrome console:

Access to fetch at 'https://v3.com/FedBroker/as/authorization.oauth2?response_type=code&client_id=&scope=openid%20profile&state=v63OUEc3rafyEIYk2dFRJMcahu3xUxa94h1a_xnvNc4%3D&redirect_uri=https (https://v3.com/FedBroker/as/authorization.oauth2?responsetype=code&clientid=&scope=openid%20profile&state=v63OUEc3rafyEIYk2dFRJMcahu3xUxa94h1axnvNc4%3D&redirecturi=https)://server.com/login/oauth2/code/&nonce=GMfgumC62PuUIy3oyEJ__4B0CY03JCdn7RL3yaPfQ0Q' (redirected from 'https://server.com/zkau') from origin 'https://server.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

And js alert with message: "Failed to fech(TypeError)"

  • ZK version EE
  • Spring Boot version: 2.5.5
  • zkspringboot version: 2.5.3

SSO is setup by OpenId via Spring Security frameworks, and it´s running perfectly except ZK Default Time Out alert.

Could you help on this error?

delete flag offensive retag edit

3 Answers

Sort by » oldest newest most voted

answered 2021-10-07 10:10:39 +0800

cor3000 gravatar image cor3000
6168 2 7
ZK Team

I am not sure I interpret the case correctly. To me it looks like you shouldn't try to fix the error message, and instead fix underlying the redirect to login mechanics.

The red flag to me is this part of the error message.

(redirected from 'https://server.com/zkau)

As we describe in this article about SSO Redirect Handling an ajax request (to /zkau) redirecting to a login page is technically not correct. An AJAX response can never display an HTML login page. Especially ZK expects JS data from the server not an HTML document containing a login page. Instead of a redirect you should configure spring security respond with an error 403 for ajax requests (/zkau) after an SSO timeout. Then you can handle the error code at JS level to initiate the redirect.

Examples given in the article, then also the CORS problems will disappear.

Here the example spring configuration to return errors for /zkau https://github.com/zkoss/zkspringboot/blob/redirect302/zkspringboot-demos/zkspringboot-security-demo/src/main/java/org/zkoss/zkspringboot/security/WebSecurityConfig.java#L48-L51

link publish delete flag offensive edit

answered 2021-10-08 18:00:31 +0800

Ignis11 gravatar image Ignis11
11 1


Thanks for your tips. But the issue is a little bit different. When I deploy the project in localhost (CORS constraint are not enabled) and ZK Default Timeout message is working well, even with SSO redirection.

When I deployed the project in remote server... Fetch error appears. I tried to setup spring to respond with error 403, and I received the eror 403 in the browser, but is it not managed by Timeout component or <error-reload> zk capabilities.

link publish delete flag offensive edit


could be affected by this BUG https://tracker.zkoss.org/browse/ZK-4742 fixed since ZK 9.5.1

cor3000 ( 2021-10-08 18:36:38 +0800 )edit

in case the problem is not solved please contact our support, to get dedicated help.

cor3000 ( 2021-10-15 09:17:53 +0800 )edit

answered 2021-10-15 16:11:34 +0800

Ignis11 gravatar image Ignis11
11 1

I have an EE license as developer but I'm not sure how to contact to start a support ticket. Could you help on that?


link publish delete flag offensive edit
Your answer
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

1 follower



Asked: 2021-10-06 21:56:22 +0800

Seen: 9 times

Last updated: yesterday

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More