这个问题是同源问题导致的,解决办法就是添加一个适配器:
package com.finup.coffee.config;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
@Order(SecurityProperties.DEFAULT_FILTER_ORDER)
class SecurityConfig extends WebSecurityConfigurerAdapter implements ApplicationContextAware {
@Override
protected void configure(final HttpSecurity http) throws Exception {
// 允许同源的iframe页面嵌套
http.headers().frameOptions().sameOrigin();
http.csrf().disable();
}
}