My problem with Cors POST requests
Just encountered a weird "bug" in the CORS protocol. One of my POST request endpoints accepts a multipart form as content type. In local development the front-end sending the request exists on a different origin. Because of the different origin I expected a blocking response to be send though the cross-origin resource sharing mechanism ( cors ) by the back-end managing the endpoint. The back-end is a Spring boot application. Turns out that the back-end fully processed the form data and send back a 200 Ok response... The only thing good thing that happened is that the front-end didn't display the response because of a missing [ Access-Control-Allow-Origin ] header. After reading a clearer guide on CORS that a POST request with a multipart form as content is not blocked through CORS by design... If it was send with a PUT request a proper blocking response would be generated. In my case the request added entities to the database. Not really desirable with data from u...