Spring Security & Keycloak - CORS Configuration
If you've ever configured a frontend-backend application, you definitely ran into this issue:
GET requests work as expected
POST/PUT/PATCH/DELETE requests return
403 Forbidden even if the security token sent on the requests is correct.
This is happening because of the default
In this article we're assuming we use a
Spring Boot application configured with
Spring Security 4.x as a resource server.