improve logging of DefaultCorsProcessor for rejected headers [SPR-15708] #20265
The DefaultCorsProcessor rejects quietly when various conditions aren't met. This leads to confusion when trying to set up CORS handling with spring web/security.
In my situation, I didn't have the correct "allowedHeaders" configuration for a pre-flight request.
It would be helpful if this piece of code were refactored slightly to add a debug/trace message to tell the developer the fact that the request is being rejected because of a CORS issue (and why).
This is important because people often do auth + CORS at the same time - especially when implementation a Single-Page-Application. They'll hit CORS issues straight away when they start developing and the CORS config problems tend to get confused with auth config problems.
I'd be happy to submit a pull request if you think this functionality would be good to have.
Affects: 4.3.7, 4.3.8, 4.3.9, 5.0 GA
Referenced from: commits 9901c38
The text was updated successfully, but these errors were encountered:
Sébastien Deleuze commented
Indeed, debug level logging could really help to debug such use case. Feel free to submit a pull request, if possible for both Spring MVC and Spring WebFlux (very similar classes, you will just have to duplicate the code).