Default Interceptors


If your service map does not include the key :io.pedestal.http/interceptors, then Pedestal will create a vector of default interceptors for you.

The default interceptors are added to your service map when you call either create-servlet, or create-server.

This document explains which interceptors are added under different conditions. Each interceptor has its own documentation that describes its specific behavior.

Modifying the Default Stack

If your service map already includes the key :io.pedestal.http/interceptors when you call one of the create- functions, then Pedestal won’t add the default interceptors. So what should you do if you want to use the default interceptors, but want to add your own interceptors to the default stack?

The solution is to call default-interceptors yourself, before calling create-server or create-servlet. That way, default-interceptors can build the default stack, then your application code has an opportunity to modify it. By the time you call create-server or create-servlet, the :io.pedestal.http/interceptors key will have your modified version of the default interceptors.

Here is an example of adding interceptors to perform authentication and authorization on every request. (Assuming we have a namespace auth with functions to construct these interceptors given a configuration.)

(defn service
  [service-map authn-config authz-config]
  (-> service-map
      (http/default-interceptors)                                                 (1)
      (update ::http/interceptors conj (auth/authentication-interceptor authn-config)) (2)
      (update ::http/interceptors conj (auth/authorization-interceptor authz-config))  (3)
      (http/create-server)))                                                      (4)
1 Attach the default interceptors to our service map
2 Modify the defaults to add authentication.
3 modify the defaults to add authorization.
4 Create the server as usual. This would normally attach the defaults, but will skip that because we’ve set them up ourselves.

Default Interceptors

Some of the default interceptors are conditional. Pedestal adds them when other parts of the service map indicate a need for an interceptor. These will be noted below.

These are presented in the order that they appear in the interceptor vector. That means their :enter functions will be called in the order they appear in this document, and their :leave functions are called in reverse order.

The following identifies the interceptor by their var or function, in the order they are added by default-interceptors.


Always added, unless the :io.pedestal.http/tracing options is set to nil.


Always added. Logs each request at info level. See Logging to configure loggers and logging levels.


Added when the service map has a value for :io.pedestal.http/allowed-origins.


Always added. However, if the service map includes a value for :io.pedestal.http/not-found-interceptor, then that interceptor will be used in this position instead of the built-in.


Added when the service map has a value for :io.pedestal.http/enable-session or :io.pedestal.http/enable-csrf.


Added when the service map includes a value for :io.pedestal.http/enable-csrf.


Always added.


Always added.


Always added.


Added when the service map has a value for :io.pedestal.http/resource-path.


Added when the service map has a value for :io.pedestal.http/file-path.


Added when the service map has a non-nil value for :io.pedestal.http/secure-headers or when the service map does not include the key :io.pedestal.http/secure-headers at all.


Always added.


Added unless :io.pedestal.http/path-params-decoder is not is set to nil.