Spring Boot REST API: Handling CORS for a front-end single-page application with multiple subdomains
I'm learning this framework and This might be a silly question, but I've looked through the documentation and I'm still confused about I'm developing a Spring Boot REST API in version 2.5.4 that serves a front-end single-page application (SPA) hosted on multiple subdomains. Each subdomain, like `app.example.com` and `admin.example.com`, needs to make requests to the API hosted at `api.example.com`. However, I'm running into Cross-Origin Resource Sharing (CORS) issues when trying to access the API from these different subdomains. The browser console shows the behavior: `Access to XMLHttpRequest at 'https://api.example.com/data' from origin 'https://app.example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.` I've tried using `@CrossOrigin` annotations at the controller level like this: ```java @RestController @RequestMapping("/api/v1") @CrossOrigin(origins = {"https://app.example.com", "https://admin.example.com"}) public class DataController { @GetMapping("/data") public ResponseEntity<List<Data>> getData() { return ResponseEntity.ok(dataService.getAllData()); } } ``` However, this isn't helping, and I'm still getting the same CORS behavior. I even attempted to configure global CORS mappings in a `WebMvcConfigurer` like so: ```java @Configuration public class WebConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/api/**").allowedOrigins("https://app.example.com", "https://admin.example.com").allowedMethods("GET", "POST"); } } ``` Despite these attempts, the CORS policy issues continue. I've also confirmed that my browser does not have any extensions that could interfere with CORS. Can someone guide to identify what might be going wrong in my configuration or if there's an alternative approach to properly enable CORS for multiple subdomains? I recently upgraded to Java latest. I'd really appreciate any guidance on this.