Tags
People
Badges
Help-
CORE FRAMEWORK
FEATURED COMPONENTS
-
RESOURCES
-
LEARN ZK
RESOURCES
I have zk 9.5.0.3 running in a spring-boot environment (zk-springboot version 2.3.1).
I have an interesting effect that has been different before (as far as I remember):
When there is a session timeout or even a server shutdown of the "zk"-application there is NO message in the frontend - just all UI elements are dead (there is literally NO effect on a button click or whatsoever).
Is there anything I need to configure to get at least a message like "timeout" or "cannot connect to server"?
I found the problem: we use keycloak as user management and authentication service. There is a problem with CORS (cross origin resource sharing) ajax requests.
Access to fetch at 'http://...' (redirected from 'http://.../zkau') from origin 'http://...' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Anybody aware of this problem? Do I need to configure zk properly to allow this "access"?
ZK only sends ajax to the same domain of your app e.g your application is in domain-a, then it sends AJAX request to http://domain-a/zkau
According to your error message:
`Access to fetch at 'http://domain-b' (redirected from 'http://.../zkau') from origin 'http://domain-a
So you configure the server at domain-a to allow the origin from domain-a
Access-Control-Allow-Origin: https://domain-a
It's a server-related configuration, not ZK, so please check your server document. For example, this is Tomcat 9 CORS_Filter.
After solving the CORS issue, since you are using the SSO solution, keycloak, you might need to read https://www.zkoss.org/wiki/ZKDeveloper%27sReference/SecurityTips/SSORedirect_Handling
Asked: 2022-04-11 22:14:26 +0800
Seen: 11 times
Last updated: Apr 13 '22