I have two keycloack clients, Angular 4: with Access Type credentials authentication A JAX RS Application (which will be the resource server): with bearer-only authentication! In this client we activate CORS, as shown by the following json. > { > "realm": "demo-realm", > "bearer-only": true, > "auth-server-url": "http://demo-keycloack-server:8080/auth <http://demo-keycloack-server:8080/auth>";, > "ssl-required": "external", > "resource": "demo-server", > "enable-cors": true > } The problem is that the requests to the JAX-RS Application when the response status is Unauthorized 401, this response do not brings the required CORS Headers to javascript client! How can we add the respective CORS Header when the HTTP Status is 401 ? _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user