Spring Security & Keycloak - CORS Configuration
Intro
If you've ever configured a frontend-backend application, you definitely ran into this issue:
✅ GET
requests work as expected
❌ POST/PUT/PATCH/DELETE
requests return 403 Forbidden
even if the security token sent on the requests is correct.
This is happening because of the default CORS configuration
.
In this article we're assuming we use a Spring Boot
application configured with Spring Security 4.x
as a resource server.