CorsEnabled=false not working for Spring-Boot-Service-Configs

[flaxoiu]

Currently I try to use GraphQL-Java-Kickstart with the newest version 11.1.0 but since I have problems with the CORS-Configuration on my services - its not working anymore for me.

I deactivated the CORS for the GraphQL-Servlet but i will be initalized anyway - but i dont want to make on each service a own GraphQL-Servlet CORS-Config - the Cors-Config should be central for each API Request configured in the API-Gateway itself.

I just want that the Spring Cloud Gateway is handeling the CORS Configuration for our Microservices - but since the newest versino its not working anymore - with 11.0.0 it works like expected.

My GraphQL setting in application.yaml of a Service which provides GraphQL-Endpoints for example is:

graphql:
servlet:
cors-enabled: false

The config of the Spring Cloud Gateway looks like:
gateway:
discovery:
locator:
enabled: true
lower-case-service-id: true
globalcors:
cors-configurations:
'[/**]':
allowCredentials: true
allowedOrigins: "*"
allowedMethods:
- GET
- POST
- DELETE
- PATCH
- PUT
- HEAD
- OPTIONS
allowedHeaders:
- Authorization
- Content-Type
- actor
- tenant_id
- x-requested-with
maxAge: 3600

The result of this configuration with Version 11.1.0 is an "invalid CORS request"  --> 403

[priyaaggarwal24]

Hi @flaxoiu,

I had faced this issue as well, you need to turn off CORS like this

graphql:
  servlet:
    corsEnabled: false

cors-enabled property doesn't work