Access-Control-Allow-Origin accepted on https://keycloak/auth/realms/MYREALM

Hello all,

I have a keycloak 16.1 with a realm MYREALM.
When I send a POST request to https://keycloak/auth/realms/MYREALM/protocol/openid-connect/token I can see that if I use an Origin header not whitelisted I don’t get “Access-Control-Allow-Credentials:true” and “Access-Control-Allow-Origin:MYORIGIN” in the response header.
Now if I try a GET request to https://keycloak/auth/realms/MYREALM from any Origin it will be accepted and get that “Access-Control-Allow-Credentials:true” and “Access-Control-Allow-Origin:MYORIGIN” in the response header.
I can’t figure out where to define the accepted origins for this (shorter) path.
Can anyone point me in the right direction?