在 Spring Security 项目中，用 iframe 嵌套网页时浏览器报错：Refused to display '<URL>' in a frame because it set 'X-Frame-Options' to 'deny'。这是因为 Spring Security 默认会发送 X-Frame-Options: DENY 响应头，用来防止点击劫持（clickjacking）。
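在继承 WebSecurityConfigurerAdapter 的配置类的 configure(HttpSecurity) 方法中添加下面这行。注意：disable() 会完全去掉该响应头，页面将可以被任意站点嵌入；如果只是同源页面互相嵌套，改用 frameOptions().sameOrigin() 即可解除限制并保留对跨域嵌入的防护。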
// Turn off the X-Frame-Options response header so the page can be rendered inside an iframe.
// NOTE(review): disable() drops the header entirely, so any site may frame these pages
// (clickjacking exposure). If the embedding page is served from the same origin,
// frameOptions().sameOrigin() lifts the block while still denying cross-origin framing.
http.headers().frameOptions().disable();
/**
 * Configures URL authorization, form login and response-header behaviour.
 *
 * <p>Paths under {@code /common/**} and {@code /sysaction/areaTree/**} are open to everyone;
 * every other path requires the ADMIN role. A failed form login is forwarded to
 * {@code /error}. HTTP Basic, CSRF protection and the X-Frame-Options header are switched off.
 *
 * <p>NOTE(review): CSRF protection is disabled while form login is in use; confirm that
 * state-changing requests are protected some other way.
 *
 * <p>NOTE(review): with X-Frame-Options disabled, any site may embed these pages in a frame
 * (clickjacking exposure). If only same-origin embedding is needed,
 * {@code frameOptions().sameOrigin()} is the narrower setting.
 *
 * @param http the security builder to configure
 * @throws Exception if one of the configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Authorization rules; the first matching pattern decides.
    http.authorizeRequests()
            // Open paths (css, img, js per the original note, plus the area-tree endpoint).
            .antMatchers("/common/**", "/sysaction/areaTree/**").permitAll()
            // "/**" already matches every remaining request, so the anyRequest() rule
            // below presumably never decides anything; kept as in the original.
            .antMatchers("/**").hasRole("ADMIN")
            .anyRequest().authenticated();

    // Form login: forward to /error when authentication fails.
    http.formLogin()
            .failureForwardUrl("/error")
            .permitAll();

    http.httpBasic().disable();
    http.csrf().disable();

    // Stop sending X-Frame-Options so the pages can be shown inside an iframe.
    http.headers().frameOptions().disable();
}