Polish "Document WebSecurityCustomizer for H2 Console"

See gh-29932
2022-03-21 13:55:46 +01:00 · 2022-03-21 13:55:46 +01:00 · 8824a09572
parent 9d46a18406
commit 8824a09572
1 changed files with 5 additions and 3 deletions
--- a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/features/sql.adoc
+++ b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/features/sql.adoc
@ -323,8 +323,9 @@ You can customize the console's path by using the configprop:spring.h2.console.p


 [[features.sql.h2-web-console.spring-security]]
-==== Configuring Spring Security for H2 Console
-H2 Console uses frames and, as it's intended for development only, does not implement CSRF protection measures. If your application uses Spring Security, you need to configure it to
+==== Accessing the H2 Console in a Secured Application
+H2 Console uses frames and, as it is intended for development only, does not implement CSRF protection measures.
+If your application uses Spring Security, you need to configure it to

 * disable CSRF protection for requests against the console,
 * set the header `X-Frame-Options` to `SAMEORIGIN` on responses from the console.
@ -338,7 +339,8 @@ In simple setups, a `SecurityFilterChain` like the following can be used:
 include::{docs-java}/features/sql/h2webconsole/springsecurity/DevProfileSecurityConfiguration.java[]
 ----

-WARNING: The H2 console is only intended for use during development. In production, disabling CSRF protection or allowing frames for a website may create severe security risks.
+WARNING: The H2 console is only intended for use during development.
+In production, disabling CSRF protection or allowing frames for a website may create severe security risks.

 TIP: `PathRequest.toH2Console()` returns the correct request matcher also when the console's path has been customized.