Keycloak: Token request fails in Safari due to failed access control checks

[brandonwood98]

Currently, the client sets a User-Agent request header for all identity providers. This can be found here

When this request is made on Safari, the request fails access control checks due to Keycloak not listing User-Agent as an allowed request header. This is what the error looks like:

[Error] Request header field User-Agent is not allowed by Access-Control-Allow-Headers.

This is not an issue on Chrome-based browsers, which appear to have more lax access control checks.

Is there any way the client could be configured as not to attach this header? At least specifically for Keycloak?

[pilcrowonpaper]

The library is mostly intended to be used server-side but I do plan to make the client entirely configurable in the future.

We also include a Content-Length header but is that also blocked?

[brandonwood98]

Thanks for getting back to me on this @pilcrowonpaper

It’s only the user agent header that appears to cause a problem. After applying a patch that removes that header, the package works perfectly fine on Safari