From 5b19e34f50b3015e3235fdf43083154d8209c979 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Sat, 9 Nov 2013 13:11:30 +0000
Subject: [PATCH] Fixed allowed methods for retrieving token with cors

---
 .../main/java/org/keycloak/services/resources/TokenService.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index d3a262e5db..580473b7b6 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -435,7 +435,7 @@ public class TokenService {
         logger.debug("accessRequest SUCCESS");
         AccessTokenResponse res = accessTokenResponse(realm.getPrivateKey(), accessCode.getToken());
 
-        return Cors.add(request, Response.ok(res)).allowedOrigins(client).build();
+        return Cors.add(request, Response.ok(res)).allowedOrigins(client).allowedMethods("POST").build();
     }
 
     protected AccessTokenResponse accessTokenResponse(PrivateKey privateKey, SkeletonKeyToken token) {