Spring Security CORS issue when passing Authorization header [duplicate]
I read and understood much more on preflight requests and the way it work.A quick thought i had was to let OPTIONS request to go through so i had added the following code to my WebSecurityConfigurerAdapter.
@Overrideprotected void configure(HttpSecurity http) throws Exception { http .csrf().disable() .authorizeRequests() .antMatchers(HttpMethod.OPTIONS,"*").permitAll()//allow CORS option calls .antMatchers("/oauth/token").permitAll() .anyRequest().authenticated() .and() .formLogin() .and() .httpBasic();}
And no extra headers from Angular ui except Authorization.
I hope this works for everyone. I know now that OPTIONS are vulnerable, but this was just a quick workarount.Please suggest me if you have a better, safer solution.