Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
improve logging of DefaultCorsProcessor for rejected headers [SPR-15708] #20265
The DefaultCorsProcessor rejects quietly when various conditions aren't met. This leads to confusion when trying to set up CORS handling with spring web/security.
In my situation, I didn't have the correct "allowedHeaders" configuration for a pre-flight request.
It would be helpful if this piece of code were refactored slightly to add a debug/trace message to tell the developer the fact that the request is being rejected because of a CORS issue (and why).
This is important because people often do auth + CORS at the same time - especially when implementation a Single-Page-Application. They'll hit CORS issues straight away when they start developing and the CORS config problems tend to get confused with auth config problems.
I'd be happy to submit a pull request if you think this functionality would be good to have.
Affects: 4.3.7, 4.3.8, 4.3.9, 5.0 GA
Referenced from: commits 9901c38
Sébastien Deleuze commented
Indeed, debug level logging could really help to debug such use case. Feel free to submit a pull request, if possible for both Spring MVC and Spring WebFlux (very similar classes, you will just have to duplicate the code).