To handle CORS with Spring Security:
-> http.cors(Customizer.withDefaults()).
(ex) When you want the API to be accessible only from specific domains.)

To handle CORS in other ways:
->http.cors(AbstractHttpConfigurer::disable).
(ex) When you manage CORS using an external filter or a proxy server.)