How to configure CORS and Basic Authorization in Spring Boot?
I think you need to allow OPTION
requests into your web security config. Something like:
.antMatchers(HttpMethod.OPTIONS, "/your-url").permitAll()
The browser checks CORS settings via a request with OPTIONS header. And if you've configured authorization, OPTIONS request will be blocked as unauthorized.
You can simply allow OPTIONS request via cors support in WebConfigurerAdapter.
@EnableWebSecuritypublic class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // ... http.cors(); }}
Check this link for more info: https://www.baeldung.com/spring-security-cors-preflight
Try this:
@Configurationpublic class CorsConfig { @Bean public CorsFilter corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(false); //updated to false config.addAllowedOrigin("*"); config.addAllowedHeader("*"); config.addAllowedMethod("GET"); config.addAllowedMethod("PUT"); config.addAllowedMethod("POST"); source.registerCorsConfiguration("/**", config); return new CorsFilter(source); } @Bean public WebMvcConfigurer corsConfigurer() { return new WebMvcConfigurerAdapter() { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/").allowedOrigins("http://localhost:3000"); } }; }}