Invalid CORS request in Spring

Question

I am trying to enable certain IPs to access a particular method.

@Override
public void addCorsMappings(CorsRegistry registry) {
    registry.addMapping("/updateDetail")
    .allowedOrigins("127.0.0.1", "10.96.33.45")
    .allowedMethods("GET", "POST");
}

But when I am trying to call the same method I am getting invalid CORS request. Can anyone help me with this?

Answer 1

"Invalid CORS request" is returned by org.springframework.web.cors.DefaultCorsProcessor when

1. Spring is configured to use CORS and
2. browser sends "Origin" header with the request and it does not match with your server domain/port/scheme and
3. response does not have "Access-Control-Allow-Origin" header and
4. the request is not a preflight request.

If you don't need CORS, call cors().disable() in your implementation of WebSecurityConfigurerAdapter#configure(HttpSecurity http) (there might be other ways to do this, for example if you use Spring Boot).

Or you could add "Access-Control-Allow-Origin" header to your reponses using e.g. org.springframework.web.cors.CorsConfiguration or addCorsMappings (like you did, but maybe you should add more methods or url or IP doesn't match?).