@crossorigin Spring позволяет всем

http.cors().configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues());


Try this one if you have at least Java 8:
Shy Snail