Spring Boot CORS Configuration not working when deployed to Google App Engine

Question

I have 2 GAE's one is hosting a Spring boot backend, and the other a Vue.js frontend. When I test it locally the CORS configuration works fine but when I deploy to the GAE I get the response of:

Access to fetch at BACKEND/function from origin FRONTEND has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

My Spring Security CORS config looks like this:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity security) throws Exception {
        security.cors().and().csrf().disable().httpBasic().disable();
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList(frontend-url));
        configuration.setAllowedMethods(Arrays.asList("POST"));
        configuration.setAllowedHeaders(Arrays.asList("*")); 
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}

I have been stuck on this for nearly a day now any help would be massively appreciated. Let me know if you need any more information.

Answer 1

Try to set allowed headers and consider configuration.setExposedHeaders:

configuration.setAllowedHeaders(Arrays.asList("Access-Control-Allow-Origin", "Origin"));

And maybe you need to add GET to allowed methods:

configuration.setAllowedMethods(Arrays.asList("GET", "POST"));