okay it works thank the lord

src/main/java/cc/pulseapp/api/PulseAPI.java

@@ -6,23 +6,17 @@ import lombok.extern.log4j.Log4j2;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
-import org.springframework.context.annotation.Bean;
-import org.springframework.http.HttpMethod;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.EnableWebMvc;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import java.io.File;
 import java.nio.file.Files;
 import java.nio.file.StandardCopyOption;
-import java.util.Arrays;
 import java.util.Objects;
 
 /**
  * @author Braydon
  */
 @SpringBootApplication(exclude = UserDetailsServiceAutoConfiguration.class)
-@Log4j2(topic = "PulseApp") @EnableWebMvc
+@Log4j2(topic = "PulseApp")
 public class PulseAPI {
     @SneakyThrows
     public static void main(@NonNull String[] args) {
@@ -38,23 +32,4 @@ public class PulseAPI {
         log.info("Found configuration at '{}'", config.getAbsolutePath());
         SpringApplication.run(PulseAPI.class, args); // Start the app
     }
-
-    /**
-     * Configures CORS for the API.
-     *
-     * @return the WebMvc config
-     */
-    @Bean
-    public WebMvcConfigurer corsConfigurer() {
-        return new WebMvcConfigurer() {
-            @Override
-            public void addCorsMappings(@NonNull CorsRegistry registry) {
-                // Allow all origins to access the API
-                registry.addMapping("/**")
-                        .allowedOrigins("*") // Allow all origins
-                        .allowedMethods("*") // Allow all methods
-                        .allowedHeaders("*"); // Allow all headers
-            }
-        };
-    }
 }

src/main/java/cc/pulseapp/api/config/AppConfig.java

@@ -0,0 +1,27 @@
+package cc.pulseapp.api.config;
+
+import lombok.NonNull;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * @author Braydon
+ */
+@Configuration
+public class AppConfig {
+    @Bean
+    public WebMvcConfigurer configureCors() {
+        return new WebMvcConfigurer() {
+            @Override
+            public void addCorsMappings(@NonNull CorsRegistry registry) {
+                // Allow all origins to access the API
+                registry.addMapping("/**")
+                        .allowedOrigins("*") // Allow all origins
+                        .allowedMethods("*") // Allow all methods
+                        .allowedHeaders("*"); // Allow all headers
+            }
+        };
+    }
+}

src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java

@@ -56,7 +56,7 @@ public class WebSecurityConfig {
                 .securityMatcher("/**") // Require auth for all routes
                 .addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class) // Add the auth token filter
                 .authorizeHttpRequests(registry -> registry // Except for the following routes
-                        .requestMatchers(HttpMethod.OPTIONS,"/**").permitAll()
+                        .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                         .requestMatchers(AntPathRequestMatcher.antMatcher("/")).permitAll()
                         .requestMatchers(AntPathRequestMatcher.antMatcher("/error")).permitAll()
                         .requestMatchers(AntPathRequestMatcher.antMatcher("/v*/auth/register")).permitAll()