Document that /error is secured by default

Closes gh-45663
2025-06-18 13:33:38 +02:00 · 2025-06-18 13:33:38 +02:00 · 6ef1830bc8
parent d9e4b66eee
commit 6ef1830bc8
1 changed files with 2 additions and 1 deletions
--- a/spring-boot-project/spring-boot-docs/src/docs/antora/modules/reference/pages/web/spring-security.adoc
+++ b/spring-boot-project/spring-boot-docs/src/docs/antora/modules/reference/pages/web/spring-security.adoc
@ -2,7 +2,8 @@
 = Spring Security

 If {url-spring-security-site}[Spring Security] is on the classpath, then web applications are secured by default.
-Spring Boot relies on Spring Security’s content-negotiation strategy to determine whether to use `httpBasic` or `formLogin`.
+This includes securing Spring Boot's `/error` endpoint.
+Spring Boot relies on Spring Security's content-negotiation strategy to determine whether to use `httpBasic` or `formLogin`.
 To add method-level security to a web application, you can also add javadoc:org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity[format=annotation] with your desired settings.
 Additional information can be found in the {url-spring-security-docs}/servlet/authorization/method-security.html[Spring Security Reference Guide].