I have a custom authentication mechanism for my app. I have token authentication for /api/** endpoints and login form for /manager/** and /viewer/**. I have @RestController for api and @Contoller web pages. The problem occures when I access the pages – the static content doesn’t load and request are responded with net::ERR_ABORTED 401 (Unauthorized). The request for the page (/viewer/home) also responded with 401 but has actual html body which is then rendered and dtos are also loaded. Worth mentioning that calling in browser http://localhost:8080/css/operator.css returns a css file without errors.

I’m creating a spring boot and thymeleaf application. I want to display the email of the user that is logged in on the index page but I’m having no luck, it was working initially but not anymore.
This is the security configuration: