SpringBoot CORS Preflight Did Not Succeed

I have a spring boot application using version 2.7.6 and in Kotlin. I have a frontend built with angular and I'm trying to send requests to my backend. I use spring security in my project. I am having trouble setting a cors configuration to allow my angular front to send requests to the backend while developping both.

From my research online, it seems like I need a cors configuration to allow the two to communicate while in development mode.

This is the cors configuration I have added to my project:


@Configuration
@EnableWebMvc
class CorsConfig : WebMvcConfigurer {
    override fun addCorsMappings(registry: CorsRegistry) {
        registry.addMapping("/**")
    }
}

This is how I set up the cors configuration in my WebSecurityConfig:

@EnableWebSecurity
@Configuration
class SecurityConfig @Autowired constructor(
    val authTokenFilter: AuthTokenFilter
){

    @Bean
    @Throws(Exception::class)
    fun filterChain(http: HttpSecurity): SecurityFilterChain? {
        http
            .httpBasic().disable()
            .csrf().disable()
            .authorizeRequests()
            .anyRequest()
            .permitAll()
            .and()
            .httpBasic()
            .and()
            .cors()

        http
            .addFilterBefore(authTokenFilter, WebAsyncManagerIntegrationFilter::class.java)
        return http.build()
    }
}

I have tried using the @CrossOrigin annotation on the Controller level but it doesn't seem to work either like specified here

I have found this similar issue and the proposed solutions doesn't work either.

I have also tried both solutions provided by this answer to a similar issue but it still doesn't work.

My spring boot application doesn't log any error. The only thing I can see is in my developer tools on my navigator like so: SpringBoot CORS Preflight Did Not Succeed

The request passes through via Postman and it seems like I need to allow OPTIONS preflight. I have tried adding them to my SecurityConfig doing http.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll() but it doesn't work either.

Does anyone know what I'm doing wrong or how I should configure the cors to be disabled throughout my application ?

Comment From: bclozel

Thanks for getting in touch, but it feels like this is a question that would be better suited to StackOverflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.

Comment From: hadestructhor

Understood, posted a question on stackoverflow at this link.