Hi all, We're a securing a client-side js app with Keycloak and we notice it's not adding CORS headers when response status code is not successful. Browser complains about missing 'Access-Control-Allow-Origin' header and it hides resource error code. Is there any reason it's not adding the header under this error condition? Is it a security issue? Thanks for the help! Ricardo.