...
This enables the CORS pre-flight request handling from two example origins, when the HTTP request header Access-Control-Request-Method is set to POST.
Debugging
The debug-logging of the Spring class org.springframework.web.cors.DefaultCorsProcessor is useful for debugging why the pre-flight requests may fail.
Some examples of log-lines when the pre-flight request has not been compatible with the shibboleth.CorsConfiguration:
| Code Block |
|---|
2024-05-31 13:37:29,843 - DEBUG [org.springframework.web.cors.DefaultCorsProcessor:119] - Reject: 'http://localhost:8082' origin is not allowed |
| Code Block |
|---|
2024-05-31 13:37:57,109 - DEBUG [org.springframework.web.cors.DefaultCorsProcessor:127] - Reject: HTTP 'GET' is not allowed |