Hello,
I have protected a Java web application that's compiled in a WAR
package and accessible through a Tomcat 8 server. To do this I followed
the steps here:
https://keycloak.gitbooks.io/documentation/securing_apps/topics/oidc/java...
My Java Application is a RESTful API which can only be accessed by
authorized users that bear a token.
In Keycloak I configured my client (and keycloak.json) as follows:
{
  "realm": "MainDomain",
  "bearer-only": true,
  "auth-server-url": "http://<My Keycloak Server>:8081/auth",
  "ssl-required": "none",
  "resource": "main-domain-server"
}
If I have a valid token I can access the service fine through cURL
requests. However, using any browser (Firefox, Chrome, Opera, except
IE, which for some reason works) I can't access any resource through
AJAX as I get CORS problems:
"Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost:3000' is therefore not allowed
access. The response had HTTP status code 401."
I searched around and found I should put "enable_cors": true in my
keycloak.json, however this causes the following CORS problem:
"The 'Access-Control-Allow-Origin' header contains multiple values
'http://localhost:3000, http://localhost:3000', but only one is
allowed. Origin 'http://localhost:3000' is therefore not allowed
access."
I think I'm out of ideas at the moment on what could be causing this.
Does anyone have any idea what could be wrong in my configuration?
My best regards,
Silva
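
Added example, not part of the original post: a JavaScript check that applies the browser's CORS rules to a response and reports the two failures quoted above (a preflight answered with 401 and no Access-Control-Allow-Origin, and a repeated Access-Control-Allow-Origin). The function names and the sample responses are constructed for illustration.

```javascript
// Added example: evaluates a response the way a browser's CORS check does.
// Headers are [name, value] pairs so that a repeated header stays visible.
function headerValues(headers, name) {
  return headers
    .filter(([n]) => n.toLowerCase() === name)
    .map(([, v]) => v.trim());
}

function checkCors(origin, response, { preflight = false, requestHeaders = [] } = {}) {
  const problems = [];
  const acao = headerValues(response.headers, "access-control-allow-origin");
  if (acao.length === 0) {
    problems.push("missing Access-Control-Allow-Origin");
  } else if (acao.length > 1 || acao[0].includes(",")) {
    // Browsers join repeated headers with ", " and then reject the result.
    problems.push("multiple Access-Control-Allow-Origin values: " + acao.join(", "));
  } else if (acao[0] !== "*" && acao[0] !== origin) {
    problems.push("Access-Control-Allow-Origin does not match " + origin);
  }
  if (preflight) {
    // Preflights are sent without the Authorization header and need a 2xx status.
    if (response.status < 200 || response.status > 299) {
      problems.push("preflight status " + response.status + " is not 2xx");
    }
    const allowed = headerValues(response.headers, "access-control-allow-headers")
      .flatMap((v) => v.split(","))
      .map((v) => v.trim().toLowerCase());
    for (const h of requestHeaders.map((x) => x.toLowerCase())) {
      // "*" never covers Authorization; it has to be listed by name.
      const ok = allowed.includes(h) || (allowed.includes("*") && h !== "authorization");
      if (!ok) problems.push("request header not allowed: " + h);
    }
  }
  return problems;
}

// Constructed sample responses modelled on the two browser errors in the post.
const ORIGIN = "http://localhost:3000";
const ACAO = "Access-Control-Allow-Origin";
const preflight401 = { status: 401, headers: [] };
const duplicated = { status: 200, headers: [[ACAO, ORIGIN], [ACAO, ORIGIN]] };
const good = { status: 200, headers: [[ACAO, ORIGIN],
  ["Access-Control-Allow-Headers", "Authorization, Content-Type"]] };
const wildcard = { status: 200, headers: [[ACAO, "*"], ["Access-Control-Allow-Headers", "*"]] };
const bearer = { preflight: true, requestHeaders: ["Authorization"] };

console.log(checkCors(ORIGIN, preflight401, bearer));
console.log(checkCors(ORIGIN, duplicated));
console.log(checkCors(ORIGIN, good, bearer));
console.log(checkCors(ORIGIN, wildcard, bearer));
```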