CORS preflight issue in HTTPS env. "cross-origin resource sharing error: preflight wildcard origin not allowed" when using withCredentials

Im experiencing a CORS issue after deploying my application to an HTTPS environment. The error is:

cross-origin resource sharing error preflight wildcard origin not allowed

In my local environment, where I have different subdomains on http, the setup works perfectly:

Backend (local): http://local.api.group.com:9090Frontend (local): http://local.fe.group.com:3000

However, after deploying to QA using https, I get the CORS error:

Backend (QA): https://qa.api.group.comFrontend (QA): https://qa.fe.group.com

In my Spring Boot backend, I have the following CORS configuration:

@Configurationpublic class CorsConfig implements WebMvcConfigurer {    @Override    public void addCorsMappings(CorsRegistry registry) {        registry.addMapping("/**")                .allowedOrigins("https://qa.fe.group.com","http://local.fe.group.com"                )                .allowedMethods("GET", "POST", "OPTIONS", "PATCH", "PUT", "DELETE", "HEAD")                .allowedHeaders("*")                .allowCredentials(true)                .allowPrivateNetwork(true)                .allowedOriginPatterns("https://qa.fe.group.com","http://local.fe.group.com"                );    }}

And on the frontend, I’m using Axios with withCredentials set to true:

const axiosInstance = axios.create({  withCredentials: true,});

1. Why does the setup work perfectly in local (HTTP) but fails afterdeploying in an HTTPS environment?

2. How can I configure my CORS settings to resolve the "preflight wildcard origin not allowed" error?

3. Does the problem lie in the use of allowCredentials(true) or the cookie settings for cross-subdomain requests?

I’ve already ensured that the frontend uses withCredentials and the backend sets allowCredentials(true) in the CORS config.

Any advice would be greatly appreciated!