Closed vigenere23 closed 6 months ago
After further investigation, I now realize that this it due to a breaking change in Spring Security. I did not find any announcement about this, but @EnableWebSecurity
(or another annotation) no longer includes the @Configuration
annotation, which means that the SecurityFilterChain
no longer gets automatically registered. Adding the configuration annotation fixed the problem. Sorry for the bothering.
Expected behavior
Frontend behaviour should not change. If a new CORS behaviour was implemented in v6, it should have been written in documentation.
It's really hard to know at which layer the problem occurs. Maybe it's a SpringBoot 3 / Spring 6 breaking change, but I haven't seen anything in their changelogs related to it. Maybe it's a graphql-java error.
Actual behavior
The
OPTIONS
request gets blocked on the browser.Firefox error:
Chrome error:
Steps to reproduce
Spring configuration:
DGS version : 6.0.5 Spring Boot : 3.0.6 Kotlin : 1.9.20 JVM target : 17
I have tried all the solutions in https://stackoverflow.com/questions/58026768/enable-cors-origin-graphql, and nothing works (properties change, adding manual CorsFilter or CorsConfigurationSource, adding a manual WebMvcConfigurer, etc.)
To your knowledge, has anything changed in DGS or Spring for the CORS policies?