Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add logging to CORS optimization #32580

Closed
xenoterracide opened this issue Apr 5, 2024 · 1 comment
Closed

add logging to CORS optimization #32580

xenoterracide opened this issue Apr 5, 2024 · 1 comment
Assignees
@sdeleuze
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: declined A suggestion or change that we don't feel we should currently apply

Comments

@xenoterracide
Copy link

I just spent hours trying to figure out why my cors configuration wasn't working. It turns out that it was. The problem was how I was testing it. There's an optimization

spring-framework/spring-web/src/main/java/org/springframework/web/cors/CorsUtils.java

Line 43 in 4e6532f

if (origin == null) {
on whether to output the headers that requires you to set the origin header. That's fair, but could you add some kind of log statement along this path that they they are being skipped? I don't care if it's debug or trace logging (although I think I prefer debug since I only put trace on spring security). I feel like stepping through this with a debugger isn't something I should have to do.
@xenoterracide xenoterracide mentioned this issue Apr 5, 2024
Open
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Apr 5, 2024
@jhoeller jhoeller added the in: web Issues in web modules (web, webmvc, webflux, websocket) label Apr 5, 2024
@sdeleuze sdeleuze self-assigned this Apr 5, 2024
@sdeleuze
Copy link
Contributor

Hi, I understand CORS can be tricky, but for the use case mentioned, I am not in favor of adding such additional logging. The CORS specification is crystal clear on the fact that "A CORS request is an HTTP request that includes an Origin header.", so this behavior should not be surprising or specific to Spring implementation, unlike for example the use case where the response already has a Access-Control-Allow-Origin header. As a consequence, I decline this proposal.

@sdeleuze sdeleuze closed this as not planned Won't fix, can't repro, duplicate, stale May 16, 2024
@sdeleuze sdeleuze added status: declined A suggestion or change that we don't feel we should currently apply and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels May 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sdeleuze sdeleuze

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: declined A suggestion or change that we don't feel we should currently apply
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@xenoterracide @sdeleuze @jhoeller @spring-projects-issues