diff --git a/examples/token-auth-keycloak/README.md b/examples/token-auth-keycloak/README.md
index 258b562..9c472b8 100644
--- a/examples/token-auth-keycloak/README.md
+++ b/examples/token-auth-keycloak/README.md
@@ -32,8 +32,23 @@ I will highlight required configuration for Basic Access Authentication Protocol
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header Host               $host;
     proxy_set_header X-Forwarded-Host   $host;
+
+    if ($request_method = "OPTIONS") {
+      add_header Access-Control-Allow-Origin $http_origin always;
+      add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
+      add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
+      add_header Access-Control-Allow-Credentials true always;
+      add_header Content-Type "text/plain charset=UTF-8";
+      add_header Content-Length 0;
+      return 204;
+    }
+
     # By default, keycloak returns 400 instead of 401, we need to change that
     if ($http_authorization = "") {
+      add_header Access-Control-Allow-Origin $http_origin always;
+      add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
+      add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
+      add_header Access-Control-Allow-Credentials true always;
       add_header WWW-Authenticate 'Basic realm="Keycloak login"' always;
       return 401;
     }
diff --git a/examples/token-auth-keycloak/conf/proxy/nginx.conf b/examples/token-auth-keycloak/conf/proxy/nginx.conf
index e2168e7..a187497 100644
--- a/examples/token-auth-keycloak/conf/proxy/nginx.conf
+++ b/examples/token-auth-keycloak/conf/proxy/nginx.conf
@@ -7,7 +7,6 @@ server {
     set $registry "http://registry:5000";
     set $ui "http://ui";
 
-
     #charset koi8-r;
     #access_log  /var/log/nginx/host.access.log  main;
 
@@ -44,7 +43,22 @@ server {
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Host               $host;
       proxy_set_header X-Forwarded-Host   $host;
+
+      if ($request_method = "OPTIONS") {
+        add_header Access-Control-Allow-Origin $http_origin always;
+        add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
+        add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
+        add_header Access-Control-Allow-Credentials true always;
+        add_header Content-Type "text/plain charset=UTF-8";
+        add_header Content-Length 0;
+        return 204;
+      }
+
       if ($http_authorization = "") {
+        add_header Access-Control-Allow-Origin $http_origin always;
+        add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
+        add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
+        add_header Access-Control-Allow-Credentials true always;
         add_header WWW-Authenticate 'Basic realm="Keycloak login"' always;
         return 401;
       }
@@ -52,6 +66,7 @@ server {
     }
 
     location /ui {
+      rewrite  ^/ui/(.*) /$1 break;
       proxy_pass $ui;
     }