Spring Global CORS configuration not working but Controller level config does
In order for the global CORS config to work, the client must add these two headers in the OPTIONS request.
Origin: http://host.comAccess-Control-Request-Method: POST
However the @CrossOrigin annotation requires just the "Origin" header.
Your client probably adds the "Origin" header but is missing the "Access-Control-Request-Method".....thats why it works for you with the @CrossOrigin, but doesn't with the global config.
you didn't declared method in it which is by default accept only get method.try registry.allowedMethods("*");
I was facing the same issue and after setting the maxAge attribute everything started working ok!
@Beanpublic WebMvcConfigurer CORSConfigurer() { return new WebMvcConfigurer() { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedOrigins("*") .allowedHeaders("*") .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD") .maxAge(-1) // add maxAge .allowCredentials(false); } };}
if you check the CrossOrigin annotation it has a default value assigned to that attribute
/** * <p>By default this is set to {@code 1800} seconds (30 minutes). */long maxAge() default -1;