How to alter allowed headers in Spring Boot

Question

I\'m currently using Auth0 (and an Angular 2 GUI), which sends a header of the type \"x-xsrf-token\" in the request to a Spring Boot API.

I get the error:

Answer 1

Believe this is already under discussion on the issue you posted here but thought it worth replying on SOF since you have raised the question here too.

What you can do, is modify your AppConfig to override the CORS Filter setting from the default library config with your own updated CORS Filter implementation

I think in your case, this might be just appending x-xsrf-token to this line:

response.setHeader("Access-Control-Allow-Headers", "Authorization, Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, " +
                "Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");

However, as i have stated in the github issue (linked above), if you send me your HAR file I can verify this is definitely the case and provides a working solution for you.