Refused to display ‘http://xxxxxxxxxxxxxxxx’ in a frame because it set multiple ‘X-Frame-Options’ headers with conflicting values (‘DENY, SAMEORIGIN’). Falling back to ‘deny’.
给项目加了spring-security, 但是用jquery upload 文件, call back 函数出问题了,浏览器后台报出以上错误.
分析是spring-security 自动给response head 加了’DENY’,如下解决方案:
<security:http auto-config="true" use-expressions="true">
<security:headers>
<security:frame-options policy="SAMEORIGIN"/>
</security:headers>
....
</security:http>