diff --git a/docs/modules/ROOT/pages/reactive/integrations/cors.adoc b/docs/modules/ROOT/pages/reactive/integrations/cors.adoc index c524a9fc910..d2d2160954c 100644 --- a/docs/modules/ROOT/pages/reactive/integrations/cors.adoc +++ b/docs/modules/ROOT/pages/reactive/integrations/cors.adoc @@ -7,6 +7,10 @@ If the request does not contain any cookies and Spring Security is first, the re The easiest way to ensure that CORS is handled first is to use the `CorsWebFilter`. Users can integrate the `CorsWebFilter` with Spring Security by providing a `CorsConfigurationSource`. + +NOTE: If multiple `CorsConfigurationSource` beans are defined in the application context, Spring Security will not automatically select one and will fail with an ambiguous bean definition error. +In that case, you should specify which `CorsConfigurationSource` to use for each security filter chain by passing it directly to the `.cors()` DSL. + For example, the following will integrate CORS support within Spring Security: [tabs] diff --git a/docs/modules/ROOT/pages/servlet/integrations/cors.adoc b/docs/modules/ROOT/pages/servlet/integrations/cors.adoc index 5e50b5c48b3..cd0d49fb623 100644 --- a/docs/modules/ROOT/pages/servlet/integrations/cors.adoc +++ b/docs/modules/ROOT/pages/servlet/integrations/cors.adoc @@ -10,7 +10,10 @@ If the request does not contain any cookies and Spring Security is first, the re The easiest way to ensure that CORS is handled first is to use the `CorsFilter`. Users can integrate the `CorsFilter` with Spring Security by providing a `CorsConfigurationSource`. -Note that Spring Security will automatically configure CORS only if a `UrlBasedCorsConfigurationSource` instance is present. +Note that Spring Security will automatically configure CORS only if a single `UrlBasedCorsConfigurationSource` instance is present. +If multiple `CorsConfigurationSource` beans are defined in the application context, Spring Security will not automatically select one and will fail with an ambiguous bean definition error. +In that case, you should specify which `CorsConfigurationSource` to use for each `SecurityFilterChain` by passing it directly to the `.cors()` DSL as shown in the <> section. + For example, the following will integrate CORS support within Spring Security: [tabs]