https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; import org.springframework.stereotype.Component; import org.springframework.web.filter.OncePerRequestFilter; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; @Component @Order(Ordered.HIGHEST_PRECEDENCE) public class CorsFilter extends OncePerRequestFilter { @Override protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException { httpServletResponse.setHeader("Access-Control-Allow-Origin", "*"); httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); httpServletResponse.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type"); if ("OPTIONS".equalsIgnoreCase(httpServletRequest.getMethod())) { httpServletResponse.setStatus(HttpServletResponse.SC_OK); } else { filterChain.doFilter(httpServletRequest, httpServletResponse); } } }