Angular / Spring Boot Camunda - CORS Same Origin blocking issues

Hey there. I have no idea why it works for basically everybody but not for me. Via postman and browser I can call the request without problems. The error is basically the one everyone here had:

Access to XMLHttpRequest at ‘http://localhost:8080/engine-rest/task?sortBy=created&sortOrder=desc&maxResults=10’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.


getTasks(sortBy: string, sortOrder: string, maxResults: number): Observable<any> {

    const endpoint =


    return this.http.get<any>(endpoint, httpOptions).pipe(

      tap((form) => this.log(`fetched tasks`)),

      catchError(this.handleError('getTasks', []))



const httpOptions = {
  headers: new HttpHeaders({
    Authorization: 'Basic ' + btoa('demo:demo'),
    'Content-Type': 'application/json'

I configured a class in Spring Boot to enable authentication and also configure CORS like I always do:

public class CamundaSecurityFilter {

  public FilterRegistrationBean<Filter> processEngineAuthenticationFilter() {
    FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
    return registration;

  List<String> allowedMethods = Arrays.asList("GET", "PUT", "POST", "PATCH", "DELETE", "OPTIONS");

  CorsConfigurationSource corsConfigurationSource() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration configuration = new CorsConfiguration();
    source.registerCorsConfiguration("/**", configuration);
    return source;

  public Filter getProcessEngineAuthenticationFilter() {
    return new ProcessEngineAuthenticationFilter();

What is wrong here? Literally every entry in Google is now purple because I tried everything. I know in the Camunda-Angular example they are using a proxy but this can’t be the solution because I don’t want to globally set the path.

In the end the problem was too easy to see…

You need the security package of Spring Boot and then annotate the class with @EnableWebSecurity. Then extend your class with extends WebSecurityConfigurerAdapter. Now you can override the method you need and activate CORS.

  protected void configure(HttpSecurity http) throws Exception {