Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CorsInterceptor should add to the first interceptor in InterceptorChain? #22459

Closed
wayshall opened this issue Feb 23, 2019 · 2 comments
Closed

CorsInterceptor should add to the first interceptor in InterceptorChain? #22459

wayshall opened this issue Feb 23, 2019 · 2 comments
Assignees
@rstoyanchev
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement
Milestone
5.2 M1

Comments

@wayshall
Copy link

Affects: Spring Webmvc 4.3.14

I use CorsRegistry to add cors configuration support, but it does not work.
I found the cors process code in AbstractHandlerMapping

protected HandlerExecutionChain getCorsHandlerExecutionChain(HttpServletRequest request,
			HandlerExecutionChain chain, CorsConfiguration config) {

		if (CorsUtils.isPreFlightRequest(request)) {
			HandlerInterceptor[] interceptors = chain.getInterceptors();
			chain = new HandlerExecutionChain(new PreFlightHandler(config), interceptors);
		}
		else {
			chain.addInterceptor(new CorsInterceptor(config));
		}
		return chain;
	}

the code add the CorsInterceptor to the end of InterceptorChain,
but a LoginInterceptor has exist in the InterceptorChain, and before CorsInterceptor now.
so when the request reach, spring mvc will execute the LoginInterceptor first, and the LoginInterceptor throw a NotLoginException.
It cause that CorsInterceptor to not execute, so the brower client will throw error.

Maybe it's a bug and the CorsInterceptor should add to the first interceptor in InterceptorChain?
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Feb 23, 2019
wayshall added a commit to wayshall/onetwo that referenced this issue Feb 23, 2019
@wayshall
feat: add cors filter config
560ead0 
增加corsfilter配置
因为使用corsInterceotpr拦截的话,如果业务拦截器在前,会导致corsinterceptor没有执行
见:spring-projects/spring-framework#22459
@sbrannen sbrannen added the in: web Issues in web modules (web, webmvc, webflux, websocket) label Mar 5, 2019
@rstoyanchev rstoyanchev added this to the 5.2 M2 milestone Apr 4, 2019
@rstoyanchev rstoyanchev added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Apr 4, 2019
@rstoyanchev rstoyanchev modified the milestones: 5.2 M2, 5.2 M1 Apr 6, 2019
@rstoyanchev rstoyanchev self-assigned this Apr 6, 2019
@rmueller83
Copy link

This change causes a big headache for us. We have our own HandlerInterceptor for setting CORS headers.
Previously, our interceptor added the headers and the DefaultCorsProcessor running afterwards did not do anything because it contains

		if (response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN) != null) {
			logger.trace("Skip: response already contains \"Access-Control-Allow-Origin\"");
			return true;
		}

Now there is no chance for us to put our interceptor before the default one. :-(

@sbrannen
Copy link
Member

@rmueller83, this issue was closed almost 2.5 years ago.

Please open a new issue if you'd like to discuss the topic further.

@tianshuang tianshuang mentioned this issue Nov 17, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rstoyanchev rstoyanchev

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement
Projects
None yet
Milestone
5.2 M1
Development

No branches or pull requests
5 participants
@sbrannen @rstoyanchev @wayshall @rmueller83 @spring-projects-issues