spring-projects · shorn · Jun 28, 2017 · sdeleuze · Jun 30, 2017 · sdeleuze
diff --git a/spring-web/src/main/java/org/springframework/web/cors/DefaultCorsProcessor.java b/spring-web/src/main/java/org/springframework/web/cors/DefaultCorsProcessor.java
@@ -126,7 +126,23 @@ protected boolean handleInternal(ServerHttpRequest request, ServerHttpResponse r
 		List<String> requestHeaders = getHeadersToUse(request, preFlightRequest);
 		List<String> allowHeaders = checkHeaders(config, requestHeaders);
 
-		if (allowOrigin == null || allowMethods == null || (preFlightRequest && allowHeaders == null)) {
+		if (allowOrigin == null) {
+			logger.debug("rejecting request because CORS processor cannot determine " +
+					"request origin");
+			rejectRequest(response);
+			return false;
+		} 
+
+		if (allowMethods == null) {
+			logger.debug("rejecting request because CORS processor cannot determine " +
+					"the allowed methods for the response of a pre-flight request");
+			rejectRequest(response);
+			return false;
+		} 
+
+		if ((preFlightRequest && allowHeaders == null)) {
+			logger.debug("rejecting request because CORS processor cannot determine " +
+					"the allowed headers for the response of a pre-flight request");
 			rejectRequest(response);
 			return false;
 		}

diff --git a/spring-web/src/main/java/org/springframework/web/cors/reactive/DefaultCorsProcessor.java b/spring-web/src/main/java/org/springframework/web/cors/reactive/DefaultCorsProcessor.java
@@ -115,7 +115,23 @@ protected boolean handleInternal(ServerWebExchange exchange,
 		List<String> requestHeaders = getHeadersToUse(request, preFlightRequest);
 		List<String> allowHeaders = checkHeaders(config, requestHeaders);
 
-		if (allowOrigin == null || allowMethods == null || (preFlightRequest && allowHeaders == null)) {
+		if (allowOrigin == null) {
+			logger.debug("rejecting request because CORS processor cannot determine " +
+					"request origin");
+			rejectRequest(response);
+			return false;
+		} 
+
+		if (allowMethods == null) {
+			logger.debug("rejecting request because CORS processor cannot determine " +
+					"the allowed methods for the response of a pre-flight request");
+			rejectRequest(response);
+			return false;
+		} 
+
+		if ((preFlightRequest && allowHeaders == null)) {
+			logger.debug("rejecting request because CORS processor cannot determine " +
+					"the allowed headers for the response of a pre-flight request");
 			rejectRequest(response);
 			return false;
 		}