src/main/java/ru/ulstu/fc/config/SecurityConfiguration.java

@@ -28,7 +28,7 @@ public class SecurityConfiguration {
         log.debug("Security enabled");
 
         http
-                .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
+                .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin))
                 .csrf(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(auth ->
                         auth.requestMatchers("/").permitAll()

src/main/java/ru/ulstu/fc/rule/controller/FuzzyRuleController.java

@@ -1,5 +1,6 @@
 package ru.ulstu.fc.rule.controller;
 
+import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.Valid;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -64,14 +65,18 @@ public class FuzzyRuleController {
 
     @ResponseBody
     @GetMapping("/getVariables/{projectId}")
-    public List<Variable> getVariables(@PathVariable("projectId") Integer projectId) {
+    public List<Variable> getVariables(@PathVariable("projectId") Integer projectId,
+                                       final HttpServletResponse response) {
+        response.addHeader("Cache-Control", "max-age=60, must-revalidate, no-transform");
         //TODO: return DTO without terms
         return variableService.getAllByProject(projectId);
     }
 
     @ResponseBody
     @GetMapping("/getFuzzyTerms/{variableId}")
-    public List<FuzzyTerm> getTerms(@PathVariable("variableId") Integer variableId) {
+    public List<FuzzyTerm> getTerms(@PathVariable("variableId") Integer variableId,
+                                    final HttpServletResponse response) {
+        response.addHeader("Cache-Control", "max-age=60, must-revalidate, no-transform");
         return fuzzyTermService.getByVariableId(variableId);
     }
 }