Support for requests with HTTP-method "OPTIONS"

[pschild]

Before a POST request can be sent, a "preflight" request in form of a OPTIONS request is made. So the API should allow OPTIONS requests as well. Otherwise the original POST request fails. See https://www.html5rocks.com/en/tutorials/cors/ for reference.

[pschild]

Also see https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS:

Additionally, for HTTP request methods that can cause side-effects on server's data (in particular, for HTTP methods other than GET, or for POST usage with certain MIME types), the specification mandates that browsers "preflight" the request, soliciting supported methods from the server with an HTTP OPTIONS request method, and then, upon "approval" from the server, sending the actual request with the actual HTTP request method.

and https://spring.io/understanding/CORS#pre-flight-requests:

The preflight request is essentially asking the server if it would allow the DELETE request, without actually sending the DELETE request.

[pschild]

Workaround is to create a WebConfig to allow CORS explicitly in org.wickedsource.coderadar.security package. See the attached file: WebConfig.java.txt

[thombergs]

When I activate the CORS config from your example, I get 403 Errors when issuing an OPTIONS request. Let's talk about this some more, so I understand it correctly.

[trzpiot]

Is that still a thing?