Keycloak CORS Errors

Question

We have an angular app that sends a request for login from our own login page using password grant flow to our dev-mode keycloak server (v18.0.0) and get the following error:

CORS policy: The request client is not a secure context and the resource is in more-private address space `private`

We already set the Web Origins field of the realm to * but it is not helping....

The request comes from public url like http://testing.company.co to an internal URL of the K8S keycloack service http://keycloak.keycloak.svc.k8s-cluster.testing.io:8080/realms/testing-realm/protocol/openid-connect/token

In the web i see lots of places mentioning that we need to set the keycloak.enable-cors=true but I do not understand where exactly?

Another point, When we do it from our internal k8s url (of another cluster) then there is no problem

The configuration we run with are listed on this Question