I'm encountering a CORS "405 Method Not Allowed" error when my Micronaut service receives preflight requests from a different domain (https://app.company.com). The issue occurs in our development environment but not locally.
Here's my Micronaut CORS configuration:
```yaml
micronaut:
  server:
    cors:
      enabled: true
      configurations:
        ui:
          allowed-origins:
            - 'https://app.company.com'
```
I've already tried the following approaches without success in the dev environment:

- `Access-Control-Request-Method` header: As suggested in https://github.com/micronaut-projects/micronaut-core/issues/9992, I added the header `Access-Control-Request-Method: GET` to the client-side request. This also works locally but not in dev.

Details:

- `GET` requests to the Micronaut service.
- `OPTIONS` request.
- `allowed-origins` configuration is correctly set in the dev environment.

Question:

What could be causing the "405 Method Not Allowed" error for the preflight `OPTIONS` request in the development environment, despite the CORS configuration and attempted solutions? Are there any environment-specific configurations or Micronaut settings that might be interfering with CORS handling? What are the possible debugging steps to further investigate this issue in the dev environment?
Micronaut version: 4.9.0
Micronaut HTTP server version: 4.9.5
After hours of debugging, I found the root cause: I forgot to define the key and value in my Kubernetes ConfigMap in the Terraform config. This had several consequences:

1. The application received an empty list for `allowedOrigins` in the CORS configuration.
2. The CORS filter couldn't match the request's origin against the empty allowed origins list.
3. For preflight requests, the filter simply passed the request down the chain.
4. Since I hadn't implemented any handler for OPTIONS requests in my application, it resulted in a 405 Method Not Allowed error.
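
A way to tell this failure apart from other CORS problems, given as an added example that is not part of the original post: replay the browser's preflight and classify the response by which CORS headers come back. The function names, verdict strings and sample responses are assumptions made for illustration; the samples are constructed, not captured from a real service.

```python
import urllib.error
import urllib.request

def send_preflight(url, origin, method="GET", timeout=5):
    """Send the OPTIONS preflight a browser would send; return (status, headers)."""
    req = urllib.request.Request(url, method="OPTIONS", headers={
        "Origin": origin,
        "Access-Control-Request-Method": method,
    })
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers.items())
    except urllib.error.HTTPError as err:  # a 405 still carries the headers we inspect
        return err.code, dict(err.headers.items())

def diagnose_preflight(status, headers, origin, method="GET"):
    """Classify a preflight response by which CORS headers came back."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    if acao is None:
        # 405 and no CORS headers is the symptom from the answer above: the filter
        # did not match the origin, so the request reached routing (no OPTIONS handler).
        return "origin-not-matched" if status == 405 else "no-cors-headers"
    if acao not in (origin, "*"):
        return "origin-mismatch"
    allowed = {m.strip().upper() for m in h.get("access-control-allow-methods", "").split(",")}
    if method.upper() not in allowed and "*" not in allowed:
        return "method-not-allowed"
    return "ok" if 200 <= status < 300 else "bad-status"

# Constructed sample responses (not captured from a real service).
SAMPLE_BROKEN = (405, {"Allow": "GET", "Content-Type": "application/json"})
SAMPLE_WORKING = (200, {
    "Access-Control-Allow-Origin": "https://app.company.com",
    "Access-Control-Allow-Methods": "GET",
    "Vary": "Origin",
})

if __name__ == "__main__":
    origin = "https://app.company.com"
    for name, (status, headers) in [("broken", SAMPLE_BROKEN), ("working", SAMPLE_WORKING)]:
        print(name, status, diagnose_preflight(status, headers, origin))
    # Against a real deployment (URL is a placeholder):
    # print(diagnose_preflight(*send_preflight("https://dev.example.invalid/api", origin), origin))
```

An `origin-not-matched` verdict points at the allowed-origins value the running service actually received, so the next check is the rendered ConfigMap rather than the YAML in the repository.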