diff --git a/spring-web/src/main/java/org/springframework/web/cors/DefaultCorsProcessor.java b/spring-web/src/main/java/org/springframework/web/cors/DefaultCorsProcessor.java index 6d49163b995..19d78f64177 100644 --- a/spring-web/src/main/java/org/springframework/web/cors/DefaultCorsProcessor.java +++ b/spring-web/src/main/java/org/springframework/web/cors/DefaultCorsProcessor.java @@ -126,7 +126,23 @@ protected boolean handleInternal(ServerHttpRequest request, ServerHttpResponse r List requestHeaders = getHeadersToUse(request, preFlightRequest); List allowHeaders = checkHeaders(config, requestHeaders); - if (allowOrigin == null || allowMethods == null || (preFlightRequest && allowHeaders == null)) { + if (allowOrigin == null) { + logger.debug("rejecting request because CORS processor cannot determine " + + "request origin"); + rejectRequest(response); + return false; + } + + if (allowMethods == null) { + logger.debug("rejecting request because CORS processor cannot determine " + + "the allowed methods for the response of a pre-flight request"); + rejectRequest(response); + return false; + } + + if ((preFlightRequest && allowHeaders == null)) { + logger.debug("rejecting request because CORS processor cannot determine " + + "the allowed headers for the response of a pre-flight request"); rejectRequest(response); return false; } diff --git a/spring-web/src/main/java/org/springframework/web/cors/reactive/DefaultCorsProcessor.java b/spring-web/src/main/java/org/springframework/web/cors/reactive/DefaultCorsProcessor.java index 6ddc24c77cd..176d0d26ef3 100644 --- a/spring-web/src/main/java/org/springframework/web/cors/reactive/DefaultCorsProcessor.java +++ b/spring-web/src/main/java/org/springframework/web/cors/reactive/DefaultCorsProcessor.java @@ -115,7 +115,23 @@ protected boolean handleInternal(ServerWebExchange exchange, List requestHeaders = getHeadersToUse(request, preFlightRequest); List allowHeaders = checkHeaders(config, requestHeaders); - if (allowOrigin == null || allowMethods == null || (preFlightRequest && allowHeaders == null)) { + if (allowOrigin == null) { + logger.debug("rejecting request because CORS processor cannot determine " + + "request origin"); + rejectRequest(response); + return false; + } + + if (allowMethods == null) { + logger.debug("rejecting request because CORS processor cannot determine " + + "the allowed methods for the response of a pre-flight request"); + rejectRequest(response); + return false; + } + + if ((preFlightRequest && allowHeaders == null)) { + logger.debug("rejecting request because CORS processor cannot determine " + + "the allowed headers for the response of a pre-flight request"); rejectRequest(response); return false; }