Micronaut - Enable CORS in built in security controllers

Question

Micronaut is used in one of my projects. I am enabling JWT security feature of micronaut with built in login, logout controllers. But when I hit /login endpoint, it gives me below error:

Access to XMLHttpRequest at 'micronaut-login-endpoint' from origin 'front-end-enpdpoint' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Snippet from application.yml:

micronaut:
  application:
    name: app-name
  server:
    port: *port*
    cors:
      enabled: true
      configurations:
        web:
          allowedOrigins:
            - *front-end-enpdpoint*
          allowedHeaders:
            - Content-Type
          allowedMethods:
            - POST
            - GET
            - OPTIONS
  security:
    enabled: true
    endpoints:
      login:
        enabled: true
      logout:
        enabled: true
      oauth:
        enabled: true
    token:
      enabled: true
      jwt:
        enabled: true

Can someone help me with this issue? Can someone from the micronaut core community like @Jeff-Scott-Brown please help me?

Answer 1

I recently faced this issue and I was able to tackle this using this issue thread.

So, following this mdn CORS article. I found out there are two types of CORS requests, simple and preflighted. In case of auth the Authorization header is modified which requires preflighted requests. In preflighted, an http OPTIONS(http method) request is made to the server to confirm its identity. Now micronaut does not have an options end point which can be tackle by just creating the OPTIONS controller as mentioned in the github issue.