Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-11-10 19:48:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '6.4.x' into 6.5.x

Browse Source
This commit is contained in:
Rob Winch 2025-11-04 10:24:15 -06:00
commit 8fa2fc0e1e
No known key found for this signature in database
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/modules/ROOT/pages/reactive/integrations/cors.adoc
View File

@ -1,4 +1,3 @@
[[webflux-cors]] [[webflux-cors]]
= CORS = CORS
@ -75,3 +74,11 @@ fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain
} }
---- ----
====== ======
[WARNING]
====
CORS is a browser-based security feature.
By disabling CORS in Spring Security, you are not removing CORS protection from your browser.
Instead, you are removing CORS support from Spring Security, and users will not be able to interact with your Spring backend from a cross-origin browser application.
To fix CORS errors in your application, you must enable CORS support, and provide an appropriate configuration source.
====

8
docs/modules/ROOT/pages/servlet/integrations/cors.adoc
View File

@ -183,3 +183,11 @@ fun corsConfigurationSource(): UrlBasedCorsConfigurationSource {
} }
---- ----
====== ======
[WARNING]
====
CORS is a browser-based security feature.
By disabling CORS in Spring Security with `.cors(CorsConfigurer::disable)`, you are not removing CORS protection from your browser.
Instead, you are removing CORS support from Spring Security, and users will not be able to interact with your Spring backend from a cross-origin browser application.
To fix CORS errors in your application, you must enable CORS support, and provide an appropriate configuration source.
====