ARTICLE AD BOX
There are lots of good examples for how to configure Spring Boot for CORS online, but it seems to be very hard to find anything with an intersection of:
Using the APIs in Spring Boot 3 rather than Sping Boot 2 (the configuration interface has changed, so many examples no longer work)
For an application with Spring Security in use, so the Spring Security CORS filter must be added to the filter chain with appropriate configuration
For an API that should be available for general use, rather than restricted to a specific host
Using credentials (e.g. bearer tokens, so no need to worry about CSRF, but does need to follow the CORS restrictions about credential use)
What would the best configuration for this look like? For typical APIs, is it better to use central configuration or per method/controller annotations to manage the CORS settings?
