Affects: \
Comment From: sbrannen
I'm afraid that's not enough information to go on.
Can you please provide more details about what version of Spring Framework you were using before as well as a sample application that demonstrates the exact issue?
Comment From: skpandey91
@sbrannen Earlier I was using spring boot 2.4.6 and spring framework 5.3.8. Now I am upgrading to spring boot 2.5.7 and spring web 5.3.13. Earlier pre flight request were going through CorsFilter and able to find CorsConfiguration through UrlBasedCorsConfigurationSource but now all the request are going through AbstractHandlerMapping and executing PreFlightHandler and here CorsConfiguration is being injected as null and request are return 403 Forbidden.
Please help
Comment From: rstoyanchev
It's hard to tell anything based on this. If you can provide a sample, or since you have the application, you can try to debug further. Does it pass through CorsFilter, what does it do there, etc?
Alternatively, fix the Boot version to 2.4.6 and try varying the Spring Framework version to see what is the first version where it fails. If you can't get it to fail, then maybe it's not a change in the Spring Framework but in Boot or maybe Spring Security.
Please investigate further.
Comment From: rstoyanchev
FWIW I've reviewed the release notes for 5.3.9 through 5.3.13 and did not come across anything CORS related. Only 5.3.8 has a CORS change but that's the version that's working for you.
Comment From: skpandey91
@rstoyanchev this issue came to be related to spring security. For more detail please follow below link. https://github.com/spring-projects/spring-security/issues/10668
Comment From: sbrannen
@rstoyanchev this issue came to be related to spring security. For more detail please follow below link. spring-projects/spring-security#10668
Thanks for providing that feedback, @skpandey91.
Closing as a result of that.