Scenario: Spring security has logged in, and it is no problem to directly access http://localhost:8080/ test.html, but the request is rejected when it is placed in an iframe.
localhost rejected the request
Solution:
<http auto-config="true" use-expressions="false" >
...就不写出来了
加上下面这段就OK
<!--解决frame请求被拒绝的问题-->
<headers>
<frame-options disabled="true"></frame-options>
</headers>
</http
There is also a kind of <security:http tag on the Internet, which is the same:
<security:http auto-config="true" use-expressions="true">
<security:headers>
<security:frame-options disabled="true"/>
</security:headers>
</security:http>