Having an app (running on agpushkeycloak-mobileqa.rhcloud.com) that is using Keycloak running on a different domain, e.g. keycloak-mobileqa.rhcloud.com.
App is having Ember.js + REST architeture, asking for data.
Browser (Firefox, Chrome) adds Origin header which is the same as Host header to Ajax call to REST api.
Request goes through Keycloak Auth Server, which identifies this as CORS request.
It fail unless user adds Origin to Web Origin via keycloak console.
Keycloak identifies Origin being same as host and does not treat request as CORS. It works out of the box.