From 577dff492af07d1c6c1357657bc144def36c6d56 Mon Sep 17 00:00:00 2001
From: liuhuiling <liuhuiling4@huawei.com>
Date: Wed, 9 Dec 2020 09:46:07 +0800
Subject: [PATCH] set x-frame-options disable

set x-frame-options disable

Issue-ID: I1TDH6

Signed-off-by: liuhuiling <liuhuiling4@huawei.com>
---
 .../website/config/ClientWebSecurityConfigurer.java          | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java b/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java
index c7a5fb1..ab9565f 100644
--- a/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java
+++ b/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java
@@ -16,8 +16,6 @@
 
 package org.edgegallery.website.config;
 
-import com.netflix.zuul.ZuulFilter;
-import com.netflix.zuul.context.RequestContext;
 import java.io.IOException;
 import java.util.Map;
 import javax.servlet.ServletContext;
@@ -47,6 +45,8 @@ import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import com.netflix.zuul.ZuulFilter;
+import com.netflix.zuul.context.RequestContext;
 
 @Configuration
 @EnableWebSecurity
@@ -76,6 +76,7 @@ public class ClientWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
 
     @Override
     public void configure(final HttpSecurity http) throws Exception {
+        http.headers().frameOptions().disable();
         http.authorizeRequests().antMatchers("/login", "/auth/logout").permitAll()
             .antMatchers(HttpMethod.GET, "/health")
             .permitAll()
-- 
Gitee