Description
shorn tolley opened SPR-15708 and commented
The DefaultCorsProcessor rejects quietly when various conditions aren't met. This leads to confusion when trying to set up CORS handling with spring web/security.
In my situation, I didn't have the correct "allowedHeaders" configuration for a pre-flight request.
This lead to me thinking the eventual "403" error had something to do with my authentication and authorization chain.
It would be helpful if this piece of code were refactored slightly to add a debug/trace message to tell the developer the fact that the request is being rejected because of a CORS issue (and why).
This is important because people often do auth + CORS at the same time - especially when implementation a Single-Page-Application. They'll hit CORS issues straight away when they start developing and the CORS config problems tend to get confused with auth config problems.
I'd be happy to submit a pull request if you think this functionality would be good to have.
Affects: 4.3.7, 4.3.8, 4.3.9, 5.0 GA
Referenced from: commits 9901c38