spring boot version: 1.5.4.RELEASE
Comment From: wilkinsona
@binlaniua Thank you for trying to report what, I guess, you think is a bug in Spring Boot. Unfortunately, you haven't provided enough information for us to do anything about it. When I report a bug, I find it useful to look at it from the perspective of a project maintainer and ask myself if they could easily identify the problem with the information that I have provided. In this case, there's lots of useful information that is missing. For example:
- What exception are you throwing?
- In what way is CORS broken?
- Why do you think this is a bug in Spring Boot rather than Spring Framework?
- How can we reproduce the problem so that we can diagnose it?
Of these, 4 is the most important. It is best answered with a small sample that reproduces the problem. Can you please provide one?
Comment From: binlaniua
in WebMvcConfigurerAdapter
1. we add cors config
public void addCorsMappings(CorsRegistry registry) {
registry
.addMapping("/**/*")
.allowCredentials(true)
;
}
2. add interceptor
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new HandlerInterceptorAdapter() {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
throw new RuntimeException("");
}
});
}
3. i found the source code in AbstractHandlerMapping add cors cors interceptor at the last in interceptor chain
protected HandlerExecutionChain getCorsHandlerExecutionChain(HttpServletRequest request, HandlerExecutionChain chain, CorsConfiguration config) {
if(CorsUtils.isPreFlightRequest(request)) {
HandlerInterceptor[] interceptors = chain.getInterceptors();
// here
chain = new HandlerExecutionChain(new AbstractHandlerMapping.PreFlightHandler(config), interceptors);
} else {
chain.addInterceptor(new AbstractHandlerMapping.CorsInterceptor(config));
}
return chain;
}
````
in HandlerExecutionChain
```java
public HandlerExecutionChain(Object handler, HandlerInterceptor... interceptors) {
this.interceptorIndex = -1;
if(handler instanceof HandlerExecutionChain) {
HandlerExecutionChain originalChain = (HandlerExecutionChain)handler;
this.handler = originalChain.getHandler();
this.interceptorList = new ArrayList();
CollectionUtils.mergeArrayIntoCollection(originalChain.getInterceptors(), this.interceptorList);
CollectionUtils.mergeArrayIntoCollection(interceptors, this.interceptorList);
} else {
this.handler = handler;
this.interceptors = interceptors;
}
}
how to fix
may be, should add new AbstractHandlerMapping.CorsInterceptor(config)) at the first in interceptor chain
this.interceptorList.add(0, corsInterceptor)
Comment From: wilkinsona
It's still not clear why you think CORS is "broken" in this case. I'm not sure that it makes sense for CORS processing to occur when an interceptor's thrown an exception and, presumably, the request is going to fail anyway. The requested sample may have made this clearer, but you haven't provided one.
Anyway, AbstractHandlerMapping is part of Spring Framework rather than Spring Boot so this issue needs to be addressed there. You could consider opening a JIRA, but if you do that, please take the time to fully explain the behaviour that you are seeing, why you believe it to be broken, and how you believe it should behave.
Comment From: binlaniua
in this case, the cors not effect when interceptor throw exception
i provider plan is make the cors at the first interceptor chain
Comment From: detinho
Same issue here. Let me try to be more clear: when using addCorsMappings AND all interceptors return true, the CORS headers (Access-Control-Allow-Credentials and Access-Control-Allow-Origin) are returned correctly. But, if I return false in one of my custom interceptors, ther CORS headers are not returned on the response.
Comment From: binlaniua
@detinho so i create a filter, in doFilter code like this
CorsConfiguration cors = handlerMapping.getCorsConfigurations().values().iterator().next()
handlerMapping.getCorsProcessor().processRequest(cors, request, response);
and must add config
public void addCorsMappings(CorsRegistry registry) {
registry
.addMapping("/**/*")
.allowCredentials(true)
;
}
Comment From: qixiaobo
CorsFilter works here!
Comment From: njdub
CorsFilter works here!
Thx, @qixiaobo , switching to Filter based implementation helped for me. I've used code sample from here: https://spring.io/blog/2015/06/08/cors-support-in-spring-framework
Comment From: mukundlalge100
@Configuration
public class CorsConfigFilters {
@Bean
public FilterRegistrationBean<CorsFilter> corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<CorsFilter>(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
}
This piece of code works for me in interceptor if your interceptor return true or false both