Spring Boot 403 Forbidden Error on PUT Request

Question

When I make a request to my RESTful backend, I get a 403 error and it blocks my request. The logs say it is secured.

React.ts frontend request:

await axios.put(`http://localhost:8080/api/data/setLikesOnPost`, {
    isLike: newLikeState,
    postId: trendId,
    userId: user.sub,
});

Java spring boot backend:

    @PutMapping("/data/setLikesOnPost")
    public ResponseEntity<String> setLikesOnPost(@RequestBody LikeRequest request) {
        try {            
            String userId = request.getUserId();
            String postId = request.getPostId();
            boolean isLike = request.isLike();
                        
            StorageManager storageManager = new StorageManager();
            int updatedLikes = storageManager.setLikesOnPost(userId, postId, isLike);
            
            return ResponseEntity.ok("{\"status\":\"success\",\"likes\":" + updatedLikes + "}");
        } catch (Exception e) {
            e.printStackTrace();
            return ResponseEntity.ok("{\"status\":\"error\",\"message\":\"" + e.getMessage() + "\"}");
        }
    }

    public static class LikeRequest {
        private String userId;
        private String postId;
        private boolean isLike;

        public String getPostId() {
            return postId;
        }

        public String getUserId() {
            return userId;
        }

        public boolean isLike() {
            return isLike;
        }
    }

Security config for spring boot:

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // Set security context strategy to MODE_INHERITABLETHREADLOCAL
        SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
        
        http
                .cors(cors -> cors.configurationSource(request -> {
                    CorsConfiguration config = new CorsConfiguration();
                    config.setAllowedOrigins(List.of("http://localhost:5173"));
                    config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
                    config.setAllowCredentials(true);
                    config.setAllowedHeaders(List.of("Authorization", "Content-Type", "X-XSRF-TOKEN"));
                    return config;
                }))
                .csrf(csrf -> csrf.disable())
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                        .requestMatchers("/api/**").permitAll()
                        .requestMatchers("/error", "/error/**").permitAll()
                        .anyRequest().permitAll())  // Change to permitAll() to allow anonymous access
                .anonymous(anonymous -> anonymous.principal("anonymousUser")
                                               .authorities("ROLE_ANONYMOUS"));
                                               
        return http.build();
    }

    @Bean
    public SecurityContextRepository securityContextRepository() {
        return new HttpSessionSecurityContextRepository();
    }

I want it to do my function and not reject it. I've tried most things like changing the security config to accept everything but it does not work.

Answer 1

The issue seemed to be an environmental issue that was bugged. It resolved itself after doing some tests.