Improve logging of DefaultCorsProcessor for rejected headers
Issue: SPR-15708
sdeleuze committed Jul 3, 2017
1 parent 1fa8410 commit 9901c38
Showing 2 changed files with 24 additions and 4 deletions.
Expand Up @@ -119,14 +119,24 @@ protected boolean handleInternal(ServerHttpRequest request, ServerHttpResponse r

String requestOrigin = request.getHeaders().getOrigin();
String allowOrigin = checkOrigin(config, requestOrigin);
if (allowOrigin == null) {
logger.debug("Rejecting CORS request because '" + requestOrigin + "' origin is not allowed");
rejectRequest(response);
return false;
}

HttpMethod requestMethod = getMethodToUse(request, preFlightRequest);
List<HttpMethod> allowMethods = checkMethods(config, requestMethod);
if (allowMethods == null) {
logger.debug("Rejecting CORS request because '" + requestMethod + "' request method is not allowed");
rejectRequest(response);
return false;
}

List<String> requestHeaders = getHeadersToUse(request, preFlightRequest);
List<String> allowHeaders = checkHeaders(config, requestHeaders);

if (allowOrigin == null || allowMethods == null || (preFlightRequest && allowHeaders == null)) {
if (preFlightRequest && allowHeaders == null) {
logger.debug("Rejecting CORS request because '" + requestHeaders + "' request headers are not allowed");
rejectRequest(response);
return false;
}
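Review bot: The three new `logger.debug(...)` calls build their message by concatenating client-supplied values (the `Origin` header, the request method and the requested header list) with no level guard, so the string is assembled on every rejected request even when debug logging is off, on a path any unauthenticated client can reach. Wrapping each call as `if (logger.isDebugEnabled()) { logger.debug(...); }` avoids that cost. Because these values come straight from the request, it is also worth confirming that the configured log layout escapes control characters, or neutralising them before logging, so a crafted header cannot forge or split log entries. The same applies to the identical hunk in the second file, the `ServerWebExchange` variant of `handleInternal`. The method body starts and ends outside the hunk.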
Expand Up @@ -108,14 +108,24 @@ protected boolean handleInternal(ServerWebExchange exchange,

String requestOrigin = request.getHeaders().getOrigin();
String allowOrigin = checkOrigin(config, requestOrigin);
if (allowOrigin == null) {
logger.debug("Rejecting CORS request because '" + requestOrigin + "' origin is not allowed");
rejectRequest(response);
return false;
}

HttpMethod requestMethod = getMethodToUse(request, preFlightRequest);
List<HttpMethod> allowMethods = checkMethods(config, requestMethod);
if (allowMethods == null) {
logger.debug("Rejecting CORS request because '" + requestMethod + "' request method is not allowed");
rejectRequest(response);
return false;
}

List<String> requestHeaders = getHeadersToUse(request, preFlightRequest);
List<String> allowHeaders = checkHeaders(config, requestHeaders);

if (allowOrigin == null || allowMethods == null || (preFlightRequest && allowHeaders == null)) {
if (preFlightRequest && allowHeaders == null) {
logger.debug("Rejecting CORS request because '" + requestHeaders + "' request headers are not allowed");
rejectRequest(response);
return false;
}