/account/credentials/password succesful but returns CORS No Access-Control-Allow-Origin header present

Keycloak v11.0.0
Access type: confidential
We have custom login with JWT auth.

So we want to implement simple form where user can update his password on “current password” and “new password” form.


Password updates but throws CORS error:
“Access to XMLHttpRequest at ‘https:///auth/realms//account/credentials/password’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”

Web Origins is set to: *
Tried changing to + and settings “Valid Redirect URIs” to http://localhost:4200.

No difference.

We call /protocol/openid-connect/token in a simmilar way to refresh the token, but we dont get the CORS error there.