Keycloak: No 'Access-Control-Allow-Origin' header is present on the requested resource

Question

Environment:

Keycloak: 18 on port 8080 Spring boot application running on port 8081 --Spring Security --Spring Cloud Gateway Angular UI running on port 4200

Error message as below thrown when spring security tries to authenticate with Keycloak

Access to XMLHttpRequest at 'http://xxx:8080/realms/mna/protocol/openid-connect/auth?response_type=code&client_id=cloud-gateway&scope=openid&state=cxZOIY-QnuDANVYpGfV_aO8uRkZNYHJYhL4pKzIHVPQ%3D&redirect_uri=http://xxx:8081/login/oauth2/code/keycloak&nonce=RSHQXckFMyo8TWyqT1GcFN204lOTgXxmip01JTxhfes' (redirected from 'http://xxx:8081/cities') from origin 'http://xxx:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Web origin of Keycloak Realm -> Client has been configured as "*" but still CORS issue is not resolved.

Browser response header as below:

Cache-Control: no-store, must-revalidate, max-age=0
Content-Language: en
content-length: 3486
Content-Security-Policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Content-Type: text/html;charset=utf-8
Referrer-Policy: no-referrer

Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block

Answer 1

If you look at the error close enough you will start to notice that error is not actually in Keycloak but in fact between your angular application and spring boot.

So no changes in your keycloak settings will resolve this error.
There are already pretty good answers in this SO question, please have a look - CORS with spring-boot and angularjs not working
In essence you need to enable your spring boot app to allow requests from the angular app

Answer 2

set below one in Application.properties in your spring boot application keycloak.cors=true

Then only "Web origin of Keycloak Realm -> Client has been configured as "*"" will be adhered.