SpringBoot Spring CORS Configuration is ignored after spring-boot 2.5.5 update

Hello

I have a project using spring-boot with spring-security As I was trying to update my versions, my CORS configuration stopped working properly, and I managed to identify that it works fine with the 2.5.4 version but fails starting with the 2.5.5 version

I basically have on one side a WebMvcConfigurer where I define my cors looking like this

@Configuration
public class CORSConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOriginPatterns("https://*.mysite.com")
                .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "PATCH");
    }

}

And then in my Security configuration

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().authorizeRequests().[etc...]
    }

}

What happens is that after upgrading to 2.5.5 or higher what I define in addCorsMappings is ignored and I just get the default behavior

Comment From: mbhave

I don't recall any change in Spring Boot that would cause this behavior. In order for us to be able to diagnose the problem accurately, please provide a sample application that we can run to reproduce the issue. The sample can be provided as a link to another github repository or attached as a zip to this issue.

Comment From: SimeonEvorra

Hello. I created this git repository where I reproduced the issue: https://github.com/SimeonEvorra/springboot-cors-bug-reproducer

While trying to reproduce I realized something: my CORS configuration is ignored only for the routes autogenerated by a @RepositoryRestResource. The routes created inside a @RestController are working fine. I used both in my test for comparison.

Comment From: wilkinsona

Thanks for the sample.

This failure appears to be due to a regression in Spring Data. Spring Boot 2.5.5 upgraded to Spring Data 2021.0.5 and, as described above, there is a test failure when the sample's configured to use Spring Boot 2.5.5. However, if I also configure the sample to downgrade Spring Data back to 2021.0.4 using a property of <spring-data-bom.version>2021.0.4</spring-data-bom.version>, the test passes.

Can you please open a Spring Data REST issue so that the Spring Data team can investigate? Please comment here with a link to the issue so that we can follow the investigation.