CORS Blocking Requests from Client App Android — Backend Does Not Process POST /notification

Description

When making a request to the /notification endpoint from a client application (in development), the backend does not process the request.
No logs are generated on the server, and the request is blocked before reaching the controller.

The browser or client logs show a CORS error similar to: Access to fetch at 'http://:8080/notification' from origin '' has been blocked by CORS policy

Steps to Reproduce

  1. Run the backend locally (Spring Boot).
  2. Attempt a POST /notification from the client app android or frontend hosted on a different origin.
  3. Observe the CORS error in the browser or client logs.
  4. Notice that the backend does not receive or log the request.

Expected Behavior

The backend should respond to the preflight (OPTIONS) request with appropriate CORS headers, allowing the browser or client to send the actual POST request.

Possible Cause

CORS is not configured on the backend, blocking cross-origin requests.

Option 1 - Global CORS Configuration via Java Code

Add a global CORS configuration class such as:

@Configuration
public class CorsConfig {

    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurer() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**")
                        .allowedOrigins("http://localhost:3000", "http://myapp.com")
                        .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
                        .allowedHeaders("*")
                        .allowCredentials(true);
            }
        };
    }
}

Option 2 - Configure via application.properties

spring.web.cors.allowed-origin-patterns= spring.web.cors.allowed-methods=GET,POST,PUT,DELETE,OPTIONS spring.web.cors.allowed-headers= spring.web.cors.allow-credentials=true

Comment From: sdeleuze

By default CORS is not configured, so the fact that cross origin requests are blocked is expected. In order to make it work, you need to configure it. Could you please elaborate why you think there is an issue to be fixed?

Comment From: quaff

Maybe you are using spring-security which block CORS by default.

Comment From: Robson96

So, I thought the error was in the client app, then I thought it was in the WIFI, then I thought it was on my notebook, I changed from public to private network, I did everything and but the server could inform a message that it was CORS policies, I spent an hour trying to understand where the problem was, I am the intermediate developer, it was quick to understand, but for beginner programmers, I would have already migrated to another framework because of the headache,A message will help a lot like web browsers do a lot!

Comment From: Robson96

Maybe you are using spring-security which block CORS by default.

I wasn't using spring security, I was still prototyping api rest!

Comment From: sdeleuze

Fair point, I could probably improve the logging for such case, as a follow-up of #31839, but that will be likely have to be at DEBUG or TRACE level so beginners could still miss it. But still worth refining I think.

Comment From: Robson96

It would be great to refine this logger, problems with CORS are in the top 10 most reported problems by beginners, and I speak from personal experience haha.

Comment From: sdeleuze

Yeah I know CORS can be confusing for a lot of people, let see how we can improve the DevXP here.