CorsConfigurationSource DispatcherServlet returns 403 for request when Access-Control-Request-Method header is included [SPR-17634] #22165
Labels
in: web
Issues in web modules (web, webmvc, webflux, websocket)
status: invalid
An issue that we don't feel is valid
mike baranski opened SPR-17634 and commented
See Reference URL. I have this configuration:
If I make a CURL request like this I get 403 from the Dispatcher servlet -
If I make a CURL request without the Access-Control-Request-Method header it works. Clearly I have allowed that header and the POST is a valid endpoint in my app:
If I add this to the AuthEndpoint class it works with both CURL requests:
@CrossOrigin(origins = "http://localhost:3000")
Affects: 5.1.3
Reference URL: https://stackoverflow.com/questions/54000519/spring-boot-cors-configuration-issue-access-control-request-method-post/54002148#54002148
The text was updated successfully, but these errors were encountered: