I'm trying to include an external JS-Script into my page using a script tag. To include the script, I used a VaadinServlet Bean to register a BootstrapListenery, which is able to append the script to the body with response.getDocument().body().append().
But when I load the page, I get the error "Cross-Origin Request Blocked". Because the script is located on a different domain, it can't be included into the page due to CORS-policy.
I already tried a ton of stuff, to allow the external script to be loaded. I tried to set the required headers in the setAccessControlHeaders method of the VaadinServlet, as it is done here. I tried to add a Bean to the WebSecurityConfigurerAdapter as described here. I tried adding @CrossOrigin(origins = "*", allowedHeaders = "*") to my Controller. And I've tried adding http.cors().and().csrf().disable(); to the configure method of my WebSecurityConfigurerAdapter as described here.
But I just can't make it happen. I would appreciate any suggestions on what else I could try or on what I am doing wrong here. Also I can't really find a way to debug this.
