CorsUtils.isCorsRequest throws unhandled IllegalArgumentException and returns 500 Internal Server Error on malformed Origin header #33682
Labels: in: web, status: waiting-for-triage
Affects: 6.1.13
If a client sends a malformed Origin header in a CORS request to a Spring Boot application that looks like this:
The following exception will be thrown:
This exception is not handled, and bubbles out as a 500 Internal Server Error.
I would expect that the framework would handle the invalid input and reject the request with a 403 Forbidden with message "invalid cors request", like it does for many other kinds of invalid input.
The only workaround I have found is to register a custom corsFilter bean, with a custom CorsProcessor that handles the exception and rejects it.
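One way the workaround described in the issue could be written, as an added example that is not the reporter's code or the Spring project's own. The class names `CorsWorkaroundConfig` and `RejectingCorsProcessor`, the allowed origin and the allowed method are assumptions; the sketch targets Spring Framework 6.x (`jakarta.servlet`).

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsProcessor;
import org.springframework.web.cors.DefaultCorsProcessor;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class CorsWorkaroundConfig {

    // Hypothetical wrapper: delegates to DefaultCorsProcessor, rejects on a parse failure.
    static class RejectingCorsProcessor implements CorsProcessor {
        private final CorsProcessor delegate = new DefaultCorsProcessor();

        @Override
        public boolean processRequest(CorsConfiguration config, HttpServletRequest request,
                HttpServletResponse response) throws IOException {
            try {
                return delegate.processRequest(config, request, response);
            } catch (IllegalArgumentException ex) {
                // The Origin header could not be parsed. Answer 403 rather than
                // letting the exception surface as a 500; log ex here if useful.
                if (!response.isCommitted()) {
                    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                    response.getOutputStream().write("Invalid CORS request".getBytes(StandardCharsets.UTF_8));
                    response.flushBuffer();
                }
                return false; // CorsFilter stops the filter chain on false
            }
        }
    }

    @Bean
    public CorsFilter corsFilter() {
        CorsConfiguration config = new CorsConfiguration();
        config.addAllowedOrigin("https://app.example.com"); // placeholder origin (assumption)
        config.addAllowedMethod("GET");                      // placeholder method (assumption)
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        CorsFilter filter = new CorsFilter(source);
        filter.setCorsProcessor(new RejectingCorsProcessor());
        return filter;
    }
}
```

The catch is deliberately narrow to `IllegalArgumentException` around the delegate call; any other failure still propagates as before.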