java - Spring Boot CORS with HTTPS failing

Question

I am using Spring Boot to serve a simple REST controller with an Angular app. I configured a global CORS policy:

@Bean
public WebMvcConfigurer corsConfigurer() {
    return new WebMvcConfigurer() {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**")
                    .allowedOrigins("*")
                    .allowedMethods("GET", "PUT", "POST", "PATCH", "OPTIONS");
        }
    };
}

Now this works fine when using plain HTTP, however if I configure TLS in the application.properties like this:

server.port=8443
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=password
server.ssl.key-store-type=PKCS12

The requests are blocked. The angular console shows me, that the CORS failed.

Why does it fail when calling https://localhost:8443/test but succeeds when calling http://localhost:8080/test and no TLS configured?

I read the complete documentation.

Update

Here is the error message that the console logs:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:8443/test. (Reason: CORS request did not succeed).

Answer 1

Make a cors configuration in Class level Like this (which explicitly make Allow Cors-Origin):

        @Component
        @Order(Ordered.HIGHEST_PRECEDENCE)
        public class MyCorsConfig implements Filter {

            @Override
            public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
                final HttpServletResponse response = (HttpServletResponse) res;
                response.setHeader("Access-Control-Allow-Origin", "*");
                response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
                response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, enctype");
                response.setHeader("Access-Control-Max-Age", "3600");
                if (HttpMethod.OPTIONS.name().equalsIgnoreCase(((HttpServletRequest) req).getMethod())) {
                    response.setStatus(HttpServletResponse.SC_OK);
                } else {
                    chain.doFilter(req, res);
                }
            }

            @Override
            public void destroy() {
            }

            @Override
            public void init(FilterConfig config) throws ServletException {
            }
        }