Anthony Ikeda

This is driving me crazy, no matter how I configure the oAuth on the Spring Cloud Gateway the OPTIONS calls are all protected by security (returning a 401 every time...

> @anthonyikeda did you declare the beans of type CorsWebFilter and CorsConfigurationSource in your security config? those were the ones that helped me. @dgallego58 I've tried those options, however, it...

Yeah I don't know whats going on, it's working again today. I'm going to keep monitoring the application. As for browser sending the auth header on an options call, from...

Okay so it started working again because I'd taken the gateway resource server security config out (no longer authenticating at the gateway) I did come across this though: https://stackoverflow.com/questions/68143581/how-to-force-authentication-in-preflight-request >...

This finally fixed it, it wasn't just adding a CorsWebFilter Bean, but also setting the `@Order(Ordered.HIGHEST_PRECEDENCE)`: ``` @Bean @Order(Ordered.HIGHEST_PRECEDENCE) CorsWebFilter corsWebFilter(GlobalCorsProperties properties) { CorsConfiguration corsConfig = properties.getCorsConfigurations().get("/**"); UrlBasedCorsConfigurationSource source =...

IIRC the Access-Control-Allow-Origin header wasn't being added to each subsequent request, e.g. `GET /endpoint/path` and I somewhat had to hardcode it.

Also added was the spring gradle dependency management plugin so you can add a parent BOM to the project if required when upgrading to newer versions.