Description
I am using spring-boot-autoconfigure version 2.2.5.RELEASE.
I have added CORS mapping in a WebMvcConfiguer in my application:
@Configuration
public class WebConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("http://localhost:8123")
.allowedMethods("GET", "PUT", "POST", "DELETE")
.allowedHeaders("*")
.allowCredentials(true);
}
}This works in my test setup, when I load http://localhost/version in an iframe embedded in http://localhost:8123
This fails with a CORS error when I load http://localhost/
This fails because WelcomePageHandlerMapping has a null CorsConfigurationSource.
Bug 1:
WebMvcAutoConfiguration.welcomePageHandlerMapping() does not call WelcomePageHandlerMapping.setCorsConfigurations(getCorsConfigurations()).
WebMvcAutoConfiguration.requestMappingHandlerMapping does call this function (in super.requestMappingHandlerMapping), so for regular requests, CORS is handled correctly. welcomePageHandlerMapping() should do this as well.
Bug 2:
A workaround could involve a custom configuration, or a PostConstruct handler, or something, that called WelcomePageHandlerMapping.setCorsConfigurations().
But WelcomePageHandlerMapping is a non-public class, so there is no clean way to do this.