CorsEnabled=false not working for Spring-Boot-Service-Configs #682
Description
Currently I try to use GraphQL-Java-Kickstart with the newest version 11.1.0 but since I have problems with the CORS-Configuration on my services - its not working anymore for me.
I deactivated the CORS for the GraphQL-Servlet but i will be initalized anyway - but i dont want to make on each service a own GraphQL-Servlet CORS-Config - the Cors-Config should be central for each API Request configured in the API-Gateway itself.
I just want that the Spring Cloud Gateway is handeling the CORS Configuration for our Microservices - but since the newest versino its not working anymore - with 11.0.0 it works like expected.
My GraphQL setting in application.yaml of a Service which provides GraphQL-Endpoints for example is:
graphql:
servlet:
cors-enabled: false
The config of the Spring Cloud Gateway looks like:
gateway:
discovery:
locator:
enabled: true
lower-case-service-id: true
globalcors:
cors-configurations:
'[/**]':
allowCredentials: true
allowedOrigins: "*"
allowedMethods:
- GET
- POST
- DELETE
- PATCH
- PUT
- HEAD
- OPTIONS
allowedHeaders:
- Authorization
- Content-Type
- actor
- tenant_id
- x-requested-with
maxAge: 3600
The result of this configuration with Version 11.1.0 is an "invalid CORS request" --> 403