diff --git a/spring-web/src/main/java/org/springframework/web/cors/DefaultCorsProcessor.java b/spring-web/src/main/java/org/springframework/web/cors/DefaultCorsProcessor.java
index 6d49163b995..ecd195ae7d0 100644
--- a/spring-web/src/main/java/org/springframework/web/cors/DefaultCorsProcessor.java
+++ b/spring-web/src/main/java/org/springframework/web/cors/DefaultCorsProcessor.java
@@ -119,14 +119,24 @@ public class DefaultCorsProcessor implements CorsProcessor {
 String requestOrigin = request.getHeaders().getOrigin();
 String allowOrigin = checkOrigin(config, requestOrigin);
+ if (allowOrigin == null) {
+ logger.debug("Rejecting CORS request because '" + requestOrigin + "' origin is not allowed");
+ rejectRequest(response);
+ return false;
+ }
 HttpMethod requestMethod = getMethodToUse(request, preFlightRequest);
 List allowMethods = checkMethods(config, requestMethod);
+ if (allowMethods == null) {
+ logger.debug("Rejecting CORS request because '" + requestMethod + "' request method is not allowed");
+ rejectRequest(response);
+ return false;
+ }
 List requestHeaders = getHeadersToUse(request, preFlightRequest);
 List allowHeaders = checkHeaders(config, requestHeaders);
-
- if (allowOrigin == null || allowMethods == null || (preFlightRequest && allowHeaders == null)) {
+ if (preFlightRequest && allowHeaders == null) {
+ logger.debug("Rejecting CORS request because '" + requestHeaders + "' request headers are not allowed");
 rejectRequest(response);
 return false;
 }
diff --git a/spring-web/src/main/java/org/springframework/web/cors/reactive/DefaultCorsProcessor.java b/spring-web/src/main/java/org/springframework/web/cors/reactive/DefaultCorsProcessor.java
index 6ddc24c77cd..4d82fbfc806 100644
--- a/spring-web/src/main/java/org/springframework/web/cors/reactive/DefaultCorsProcessor.java
+++ b/spring-web/src/main/java/org/springframework/web/cors/reactive/DefaultCorsProcessor.java
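Review bot: The three new `logger.debug` calls in the servlet `DefaultCorsProcessor` hunk concatenate request-controlled values (`requestOrigin`, `requestMethod`, `requestHeaders`) into the log message unmodified, and the reactive `DefaultCorsProcessor` hunk repeats the same three calls. Whatever a client sends in `Origin` or in the requested-headers list is written verbatim, so these entries should be treated as untrusted by anything that parses or displays the log; whether control characters can reach this point depends on header parsing that is not visible here. The message string is also built on every rejected request even when debug logging is off, on a path any remote client can trigger, so I would guard each call, e.g. `if (logger.isDebugEnabled()) { logger.debug("Rejecting CORS request because '" + requestOrigin + "' origin is not allowed"); }`. The enclosing method starts and ends outside both hunks.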
@@ -108,14 +108,24 @@ public class DefaultCorsProcessor implements CorsProcessor {
 String requestOrigin = request.getHeaders().getOrigin();
 String allowOrigin = checkOrigin(config, requestOrigin);
+ if (allowOrigin == null) {
+ logger.debug("Rejecting CORS request because '" + requestOrigin + "' origin is not allowed");
+ rejectRequest(response);
+ return false;
+ }
 HttpMethod requestMethod = getMethodToUse(request, preFlightRequest);
 List allowMethods = checkMethods(config, requestMethod);
+ if (allowMethods == null) {
+ logger.debug("Rejecting CORS request because '" + requestMethod + "' request method is not allowed");
+ rejectRequest(response);
+ return false;
+ }
 List requestHeaders = getHeadersToUse(request, preFlightRequest);
 List allowHeaders = checkHeaders(config, requestHeaders);
-
- if (allowOrigin == null || allowMethods == null || (preFlightRequest && allowHeaders == null)) {
+ if (preFlightRequest && allowHeaders == null) {
+ logger.debug("Rejecting CORS request because '" + requestHeaders + "' request headers are not allowed");
 rejectRequest(response);
 return false;
 }