I know there are many posts about this, but they all seem to be broken or old, in fact none of them fit spring security 6.2.3, spring-boot 3.2.4

I’m using Spring Security 6.3.1 and it seems cors is filtering out my authorization header. I made sure that the request from my webapp contains the header but when i try to get it in my JwtAuthorizationFilter the header is filtered out. A Postman call works as intended.
My WebSecurityConfiguration with the global cors settings looks like this: