spring boot in a frame because it set ‘X-Frame-Options‘ to ‘deny‘

Others 2021-01-28 01:26:32 views: null

The iframe cannot be loaded in the spring boot security project.

solve:

@Override
    protected void configure(HttpSecurity http) throws Exception {
       
        //  允许所有用户访问"/"和"/index.html"
        http.authorizeRequests()
                .antMatchers("/js/**").permitAll()
                .anyRequest().authenticated()   // 其他地址的访问均需验证权限
                .and()
                .formLogin()
                .loginPage("/login")   //  登录页
                .defaultSuccessUrl("/index")
                .usernameParameter("username")
                .passwordParameter("password")
                .and()
                .headers().frameOptions().disable()// 不加报 in a frame because it set 'X-Frame-Options' to 'deny'.
                .and().csrf().disable(); // TODO spring security的跨域保护(CSRF Protection) CSRF是指跨站请求伪造(Cross-site request forgery),是web常见的攻击之一。
    }

 

Guess you like

Origin blog.csdn.net/csl12919/article/details/113094953
Recommended
Ranking
vue project automated build tools 1.0, support for multi-page build
JDBC add, update, delete data
SpringCloud combat service in response to the decline tutorial series (Chapter IV)
A segmentation fault (core dumped) error occurs when C+11 compiles and calls the PCL library
Django achieve websocket
Go语言并发之道--笔记1
Three-tier structure and application
Zhejiang data structure after-school exercise practice two 7-2 Reversing Linked List (25 points)
Front-end interview brushing day9 (updated daily high-frequency inspection points for front-end interviews)
The difference between the shell of the single and double quote
Daily
More
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)

Code World

© 2018 codetd.com