Affects: Spring Webmvc 4.3.14


I use CorsRegistry to add CORS configuration support, but it does not work. I found the CORS processing code in AbstractHandlerMapping:

    protected HandlerExecutionChain getCorsHandlerExecutionChain(HttpServletRequest request,
            HandlerExecutionChain chain, CorsConfiguration config) {

        if (CorsUtils.isPreFlightRequest(request)) {
            HandlerInterceptor[] interceptors = chain.getInterceptors();
            chain = new HandlerExecutionChain(new PreFlightHandler(config), interceptors);
        }
        else {
            chain.addInterceptor(new CorsInterceptor(config));
        }
        return chain;
    }

The code adds the CorsInterceptor to the end of the InterceptorChain, but a LoginInterceptor already exists in the InterceptorChain and now comes before the CorsInterceptor. So when a request arrives, Spring MVC executes the LoginInterceptor first, and the LoginInterceptor throws a NotLoginException. This causes the CorsInterceptor not to execute, so the browser client throws an error.

Maybe it's a bug and the CorsInterceptor should be added as the first interceptor in the InterceptorChain?
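
A stand-alone model of the ordering problem described in this report, added here as an illustration; it is not Spring code and not part of the original post. The `Interceptor` interface, `NotLoginException`, `run`, the `ALLOWED` origin and the sample request are assumptions made for the example.

```java
import java.util.*;

// Minimal model of a HandlerInterceptor chain (no Spring on the classpath).
// Interceptor, NotLoginException, run() and ALLOWED are hypothetical stand-ins.
public class CorsOrderDemo {
    interface Interceptor {
        boolean preHandle(Map<String, String> req, Map<String, String> res);
    }

    static class NotLoginException extends RuntimeException {}

    static final String ALLOWED = "https://app.example"; // constructed allow-list entry

    // Stand-in for the reporter's LoginInterceptor: rejects requests without a session cookie.
    static final Interceptor LOGIN = (req, res) -> {
        if (!req.containsKey("Cookie")) throw new NotLoginException();
        return true;
    };

    // Stand-in for CorsInterceptor: skips when the header is already present
    // (the DefaultCorsProcessor check quoted in this thread), else answers allowed origins only.
    static final Interceptor CORS = (req, res) -> {
        if (res.get("Access-Control-Allow-Origin") != null) return true;
        if (ALLOWED.equals(req.get("Origin"))) res.put("Access-Control-Allow-Origin", ALLOWED);
        return true;
    };

    // Runs preHandle in list order; an exception aborts the chain and becomes a 401.
    static Map<String, String> run(List<Interceptor> chain, Map<String, String> req) {
        Map<String, String> res = new LinkedHashMap<>();
        res.put(":status", "200");
        try {
            for (Interceptor i : chain) {
                if (!i.preHandle(req, res)) break;
            }
        } catch (NotLoginException e) {
            res.put(":status", "401");
        }
        return res;
    }

    public static void main(String[] args) {
        // Constructed cross-origin request from a client that is not logged in.
        Map<String, String> req = new HashMap<>();
        req.put("Origin", ALLOWED);
        // CORS appended last: the login check throws before any CORS header is written.
        System.out.println("login, cors -> " + run(Arrays.asList(LOGIN, CORS), req));
        // CORS first: the header is already on the response when the login check fails.
        System.out.println("cors, login -> " + run(Arrays.asList(CORS, LOGIN), req));
    }
}
```

In the first ordering the 401 response has no `Access-Control-Allow-Origin` header, so the browser reports a CORS error rather than exposing the authentication failure to the calling page.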

Comment From: rmueller83

This change causes a big headache for us. We have our own HandlerInterceptor for setting CORS headers. Previously, our interceptor added the headers and the DefaultCorsProcessor running afterwards did not do anything because it contains:

        if (response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN) != null) {
            logger.trace("Skip: response already contains \"Access-Control-Allow-Origin\"");
            return true;
        }

Now there is no chance for us to put our interceptor before the default one. :-(

Comment From: sbrannen

@rmueller83, this issue was closed almost 2.5 years ago.

Please open a new issue if you'd like to discuss the topic further.