Vaadin 14 with Spring Security: Login page not loading

I got the latest Vaadin 14 starter pack and added a LoginOverlay and configured Spring Security same as the Bakery App. I am running into the below issue when accessing the login page.

The resource from “http://localhost:8080/login” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
Loading failed for the <script> with source “http://localhost:8080/VAADIN/build/webcomponentsjs/webcomponents-loader.js”.

Loading module from “http://localhost:8080/login” was blocked because of a disallowed MIME type (“text/html”).
Loading failed for the module with source “http://localhost:8080/VAADIN/build/vaadin-bundle-bbf2c79874502dc043fb.cache.js”.

Strangely the page loads properly when the browser cache is cleared.

Are you allowing access to static resources /VAADIN/** in your Spring security configuration?
That could explain why MIME type is “text/html” for a .js file, server could be replying with a not authorized error page instead of the requested file.
In Bakery it’s done in SecurityConfiguration in the configure(WebSecurity web) method

Had the same problem every second load. Compared with the Bakery App and found @SpringBootApplication(exclude = ErrorMvcAutoConfiguration.class) in the Adding this exclusion solved the problem.

Thank you Emil, add the exclusion worked.