Published in : 2022-02-26

React KeyCloak : keycloak js header Access-Control-Allow-Origin sent twice in response

React js

Hello I now integrate keycloak with my react app.

We admin the server to deal :

- //localhost:xxxx
- //
with the same domain as our keycloak server

With the second link  // we got the error

 we get CORS error : 

Access to XMLHttpRequest at '//' from origin '//' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '//, //, but only one is allowed.
keycloak.js:750          POST // net::ERR_FAILED 200

 With the first link //localhost:xxxx all is working fine.

The main difference I could see is in the two requests for cors in the request headers:


With the first link //localhost:xxxxSec-Fetch-Mode: corsSec-Fetch-Site: cross-site
With the second link // Sec-Fetch-Mode: corsSec-Fetch-Site: same-site


Thanks for your help



nico Date : 2022-03-06

Best answers


Best answers


Hello I realised that the keycloak is behind a reverse-proxy HAProxy.

It is very likely that both keycloak first then HAProxy added the headers in the response… when we have the cors triggered !

I will ask this week the admin as he was on holidays.

I think my answer can help other people : remember to look at the full scope of the environment!

Leave a comment

Join us

Join our community and get the chance to solve your code issues & share your opinion with us

Sign up Now

Related posts

How to use SetFieldValue from outside render function? Formik
Publish date: 2021-07-03 | Comments: 2

Tag: React js

[solved] Reactjs is not updating the props
Publish date: 2022-02-04 | Comments: 2

Tag: React js

Best way to update the state in one class component from the redux store?
Publish date: 2022-03-30 | Comments: 3

Tag: React js

Module not found: Can't resolve 'swiper' in Reactjs [Solved]
Publish date: 2021-10-03 | Comments: 1

Tag: React js

[solved] useEffect is repeating the request Reactjs
Publish date: 2022-04-07 | Comments: 2

Tag: React js