diff --git a/examples/cors/angular-product-app/src/main/webapp/index.html b/examples/cors/angular-product-app/src/main/webapp/index.html
index 54bb9d6fbb..6cef8b9166 100755
--- a/examples/cors/angular-product-app/src/main/webapp/index.html
+++ b/examples/cors/angular-product-app/src/main/webapp/index.html
@@ -34,6 +34,7 @@
+

Realm Roles

@@ -52,6 +53,7 @@
+

Social providers

@@ -67,7 +69,18 @@ -
+ +
+
+

Realm info

+ + +
+ Realm name: {{realm.realm}}
+ Public key: {{realm.public_key}}
+
+
+
diff --git a/examples/cors/angular-product-app/src/main/webapp/js/app.js b/examples/cors/angular-product-app/src/main/webapp/js/app.js
index 402ab84489..699644ed50 100755
--- a/examples/cors/angular-product-app/src/main/webapp/js/app.js
+++ b/examples/cors/angular-product-app/src/main/webapp/js/app.js
@@ -66,6 +66,12 @@ module.controller('GlobalCtrl', function($scope, $http) {
 };
+ $scope.loadPublicRealmInfo = function() {
+ $http.get("http://localhost-auth:8080/auth/realms/cors").success(function(data) {
+ $scope.realm = angular.fromJson(data);
+ });
+ };
+
 $scope.logout = logout;
 });
diff --git a/services/src/main/java/org/keycloak/services/resources/Cors.java b/services/src/main/java/org/keycloak/services/resources/Cors.java
index b0512ff068..68ac2cc53c 100755
--- a/services/src/main/java/org/keycloak/services/resources/Cors.java
+++ b/services/src/main/java/org/keycloak/services/resources/Cors.java
@@ -34,6 +34,8 @@ public class Cors {
 public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
 public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
+ public static final String ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD = "*";
+
 private HttpRequest request;
 private ResponseBuilder builder;
@@ -85,6 +87,13 @@ public class Cors {
 return this;
 }
+ public Cors allowedOrigins(String... allowedOrigins) {
+ if (allowedOrigins != null && allowedOrigins.length > 0) {
+ this.allowedOrigins = new HashSet(Arrays.asList(allowedOrigins));
+ }
+ return this;
+ }
+
 public Cors allowedMethods(String... allowedMethods) {
 this.allowedMethods = new HashSet(Arrays.asList(allowedMethods));
 return this;
@@ -101,7 +110,7 @@ public class Cors {
 return builder.build();
 }
- if (!preflight && (allowedOrigins == null || !allowedOrigins.contains(origin))) {
+ if (!preflight && (allowedOrigins == null || (!allowedOrigins.contains(origin) && !allowedOrigins.contains(ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)))) {
 return builder.build();
 }
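Review bot: `angular.fromJson(data)` inside the new `.success` callback looks redundant: `$http` already parses a JSON response body into an object before invoking the callback, and `angular.fromJson` returns a non-string argument unchanged, so `$scope.realm = data;` expresses the intent directly. Separately, the auth-server base URL `http://localhost-auth:8080/auth` is hard-coded in the handler; if the rest of the example reads that URL from its configuration, this call should take it from the same place so the two cannot drift apart. The enclosing GlobalCtrl controller function starts outside the hunk.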
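Review bot: `allowedOrigins(String...)` silently keeps whatever was set before when it is called with null or an empty array, which differs from `allowedMethods` directly below it, which always replaces the set; a caller cannot use it to clear the origins and the difference is undocumented. Either make the two consistent or state the rule in a Javadoc: `/** Replaces the allowed origins; a null or empty argument leaves the current set untouched. */`. `new HashSet(Arrays.asList(allowedOrigins))` is also a raw type (the same as the existing `allowedMethods` line); `new HashSet<>(Arrays.asList(allowedOrigins))` keeps the field's element type checked without changing behaviour.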
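Review bot: The wildcard check is duplicated verbatim in two `!preflight` guards (this hunk and the one at `@@ -135,7 +144,7 @@`), and the nested negations make each condition hard to read. A private helper that answers "is this origin allowed" keeps the rule in one place, so a later change (for example refusing to honour the wildcard on a response that also allows credentials) cannot be applied to one guard and missed in the other. Which `Access-Control-Allow-Origin` value is emitted for a wildcard match (the literal `*` or the echoed request origin) is decided outside this hunk and is unchanged by it. Both guards sit in methods that start outside their hunks.
```java
/** True when the request origin is listed explicitly or the wildcard entry is configured. */
private boolean isOriginAllowed(String origin) {
    return allowedOrigins != null
            && (allowedOrigins.contains(origin)
                || allowedOrigins.contains(ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD));
}

// … unchanged: earlier checks of the enclosing method …
if (!preflight && !isOriginAllowed(origin)) {
    return builder.build();
}
```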
@@ -135,7 +144,7 @@ public class Cors {
 return;
 }
- if (!preflight && (allowedOrigins == null || !allowedOrigins.contains(origin))) {
+ if (!preflight && (allowedOrigins == null || (!allowedOrigins.contains(origin) && !allowedOrigins.contains(ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)))) {
 logger.debug("!preflight and no origin");
 return;
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java b/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java
index 565303c331..49b5ec536f 100755
--- a/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java
@@ -2,13 +2,18 @@ package org.keycloak.services.resources;
 import org.jboss.logging.Logger;
 import org.jboss.resteasy.annotations.cache.NoCache;
+import org.jboss.resteasy.spi.HttpRequest;
+import org.jboss.resteasy.spi.HttpResponse;
 import org.keycloak.models.RealmModel;
 import org.keycloak.representations.idm.PublishedRealmRepresentation;
 import org.keycloak.services.resources.admin.AdminRoot;
 import javax.ws.rs.GET;
+import javax.ws.rs.OPTIONS;
+import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
 /**
@@ -23,12 +28,29 @@ public class PublicRealmResource {
 @Context
 protected UriInfo uriInfo;
+ @Context
+ protected HttpRequest request;
+
+ @Context
+ protected HttpResponse response;
+
 protected RealmModel realm;
 public PublicRealmResource(RealmModel realm) {
 this.realm = realm;
 }
+ /**
+ * CORS preflight
+ *
+ * @return
+ */
+ @Path("/")
+ @OPTIONS
+ public Response accountPreflight() {
+ return Cors.add(request, Response.ok()).auth().preflight().build();
+ }
+
 /**
 * Public information about the realm.
 *
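Review bot: The new `@OPTIONS` handler is named `accountPreflight` although it lives on the public realm resource, and its Javadoc carries an empty `@return`; the name reads as copied from another resource. Rename it to `realmPreflight` and fill in the Javadoc, e.g. `/** Answers the CORS preflight for the public realm endpoint. @return the preflight response with CORS headers applied */`. The preflight response is also built without `allowedOrigins(...)`, while the `getRealm()` change in the next hunk sets the wildcard; this works because the `Cors` guards shown earlier in this diff skip the origin check when `preflight` is set, but a one-line comment on the `return` saying so would stop a later reader from "fixing" the asymmetry.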
@@ -38,6 +60,7 @@ public class PublicRealmResource {
 @NoCache
 @Produces("application/json")
 public PublishedRealmRepresentation getRealm() {
+ Cors.add(request).allowedOrigins(Cors.ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD).auth().build(response);
 return realmRep(realm, uriInfo);
 }
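Review bot: The added line pairs `allowedOrigins(Cors.ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)` with `.auth()`; if `auth()` sets `Access-Control-Allow-Credentials: true` (the class declares that header constant, but the method body is outside this diff), the combination is wrong either way: browsers reject a literal `*` origin on a credentialed response, and if the builder instead echoes the request's Origin for a wildcard match, any site can make credentialed cross-origin reads of this endpoint. The realm name and public key served here are public data, so credentials add nothing; drop `.auth()` on this line, or document why it is needed with `// public realm data: wildcard origin, no credentials required`. The method's remaining annotations sit above the hunk.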