From e217e9a175cca3db641f25e05ae75d9e86b0510f Mon Sep 17 00:00:00 2001
From: Thomas Darimont <thomas.darimont@googlemail.com>
Date: Sun, 22 Aug 2021 22:52:47 +0200
Subject: [PATCH] KEYCLOAK-18818 Add CORS preflight handler to token revocation
 endpoint

---
 .../protocol/oidc/endpoints/TokenRevocationEndpoint.java    | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenRevocationEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenRevocationEndpoint.java
index 6500d5f4bb..26b6e3c058 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenRevocationEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenRevocationEndpoint.java
@@ -21,6 +21,7 @@ import java.util.Objects;
 import java.util.stream.Collectors;
 
 import javax.ws.rs.Consumes;
+import javax.ws.rs.OPTIONS;
 import javax.ws.rs.POST;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.HttpHeaders;
@@ -125,6 +126,11 @@ public class TokenRevocationEndpoint {
         return cors.builder(Response.ok()).build();
     }
 
+    @OPTIONS
+    public Response preflight() {
+        return Cors.add(request, Response.ok()).auth().preflight().allowedMethods("POST", "OPTIONS").build();
+    }
+
     private void checkSsl() {
         if (!session.getContext().getUri().getBaseUri().getScheme().equals("https")
             && realm.getSslRequired().isRequired(clientConnection)) {