Docs: document effects of disabling CORS configurer

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
2 months ago · 4feeb0f843
2 changed files with 16 additions and 1 deletions
--- a/docs/modules/ROOT/pages/reactive/integrations/cors.adoc
+++ b/docs/modules/ROOT/pages/reactive/integrations/cors.adoc
@ -1,4 +1,3 @@
				@@ -1,4 +1,3 @@
-
 [[webflux-cors]]
 = CORS

@ -75,3 +74,11 @@ fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain
				@@ -75,3 +74,11 @@ fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain
 }
 ----
 ======
+
+[WARNING]
+====
+CORS is a browser-based security feature.
+By disabling CORS in Spring Security, you are not removing CORS protection from your browser.
+Instead, you are removing CORS support from Spring Security, and users will not be able to interact with your Spring backend from a cross-origin browser application.
+To fix CORS errors in your application, you must enable CORS support, and provide an appropriate configuration source.
+====
--- a/docs/modules/ROOT/pages/servlet/integrations/cors.adoc
+++ b/docs/modules/ROOT/pages/servlet/integrations/cors.adoc
@ -183,3 +183,11 @@ fun corsConfigurationSource(): UrlBasedCorsConfigurationSource {
				@@ -183,3 +183,11 @@ fun corsConfigurationSource(): UrlBasedCorsConfigurationSource {
 }
 ----
 ======
+
+[WARNING]
+====
+CORS is a browser-based security feature.
+By disabling CORS in Spring Security with `.cors(CorsConfigurer::disable)`, you are not removing CORS protection from your browser.
+Instead, you are removing CORS support from Spring Security, and users will not be able to interact with your Spring backend from a cross-origin browser application.
+To fix CORS errors in your application, you must enable CORS support, and provide an appropriate configuration source.
+====