CORS preflight request fails due to a standard header

Question

While debugging a CORS issue I am experiencing I\'ve found the following behaviour. Chrome makes the following OPTIONS preflight request (rewritten in CURL by Chrome itself)

Answer 1

Edit: Enable CORS in security configuration and make sure options requests bypass security

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            .cors()
            .and()
            .authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            // More security configuration here
}