Affects: \
@Override
public Mono<Void> handlePreFlight(ServerWebExchange exchange) {
return Flux.fromIterable(this.handlerMappings != null ? this.handlerMappings : Collections.emptyList())
.concatMap(mapping -> mapping.getHandler(exchange))
.switchIfEmpty(Mono.fromRunnable(() -> exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN)))
.next()
.then();
}
cors process code exists in AbstractHandlerMapping.getHandler(..), and if the getHandler method return empty since not found route the cors process will not be invoked. but DispatcherServlet.handlerPreFlight() always set response status code FORBIDDEN(403) even if cors condition satisfy and not found route. i think when the request handler does not found and cors condition satisfy, server has to respond 404 status code. is this action intend for something?
Comment From: rstoyanchev
If there is no matching handler, we can't determine the applicable CORS configuration. I'm a little unsure why it matters how a preFlight request is rejected since either way there should be no subsequent request.
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: gksxodnd007
i wonder the 403 response status code even though the cors process does not invoked. it is not problem reject request. but i think that cloud gateway responds 403 response status code even if the cors normal. it is not my expect behavior. so i wonder this behavior meaning.
Comment From: rstoyanchev
The problem is we can't verify the CORS conditions without.