I am facing an issue with CORS in my Spring Boot application. I have several domains from which I can upload files without any problem:

http://localhost:4200

<URL removed by staff>

https://mydomain2.dev

https://admin.mydomain2.app

However, I encounter CORS errors when trying to upload files from dynamically generated subdomains, such as:

https://subdomain1.mydomain2.app

https://subdomain2.mydomain2.app

All other endpoints are working fine for dynamically generated sub domains. Only those endpoints in which I am sending a file to be uploaded to GCP throws cors error.

Stack Details:

Backend: Spring Boot

Frontend: Angular

Deployment: Pulumi and GCP

CORS Configuration:

Here is my current CORS configuration:

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.web.cors.CorsConfiguration;

import org.springframework.web.cors.CorsConfigurationSource;

import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.Arrays;

import java.util.Collections;

@Configuration

public class CorsConfig {

    @Bean(name = "corsConfigurationSource")

    public CorsConfigurationSource corsConfigurationSource() {

        CorsConfiguration configuration = new CorsConfiguration();

        configuration.setAllowedOriginPatterns(Arrays.asList(

                "http://localhost:4200",

                "https://mydomain1.com",

                "https://mydomain2.dev",

                "https://admin.mydomain2.app",

                "https://*.mydomain2.app"

        ));

        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS")); 

configuration.setAllowCredentials(true);

configuration.setAllowedHeaders(Collections.singletonList("*"));

UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); 

source.registerCorsConfiguration("/**", configuration);

        return source;

    }

}

Issue:

The configuration works fine for the explicitly listed domains but throws a CORS error for any subdomain of mydomain2.app that is deployed by Pulumi.

Error

Access to XMLHttpRequest at 'https://backend.subdomain1.mydomain2.app/apis/v1/staff/uploadImage/1' from origin 'https://care-upload.mysubdomain2.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Question:

How can I configure my Spring Boot application to properly handle CORS for dynamically generated subdomains of mydomain2.app?

Additional Information:

I am using Angular on the frontend to handle file uploads, and the backend is deployed using Pulumi and GCP.

Any help or guidance on resolving this issue would be greatly appreciated. Thank you!