Keycloak Auth endpoint sends a 405 Method Not Allowed on Preflight Request

[ItsJuzoSuzuya]

Before reporting an issue

• I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

adapter/javascript

Describe the bug

Keycloak returns a 405 Method Not Allowed on an OPTION preflight request after an express server tries to forward an unauthenticated user from the browser to the keycloak login page.

Version

26.0.5

Regression

• The issue is a regression

Expected behavior

My React frontend sends a request to a secured endpoint in my express proxy. The proxy returns a 302 Found to the frontend. The frontend sends a preflight request that returns the Access-Control-Allow-Origin header and forwards my frontend to the login page.

Actual behavior

When the preflight request happens the request returns a 405 Method Not Allowed error and lables it as a CORS Missing Allow Origin, since the Access-Control-Allow-Origin header is not returned.

How to Reproduce?

Send a Get request from a react frontend to a keycloak-connect protected express endpoint.

Anything else?

No response