#3 -- fix headers for h2

2022-03-10 17:20:35 +04:00 · 2022-03-10 17:20:35 +04:00 · 2ac1b3f3c1
commit 2ac1b3f3c1
parent 6132e00c5e
2 changed files with 3 additions and 5 deletions
--- a/data/db.mv.db
+++ b/data/db.mv.db
--- a/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
+++ b/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
@ -40,14 +40,12 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
-        http.csrf()
-                .disable();
+        http.csrf().disable();
+        http.headers().frameOptions().disable();
        log.debug("Security enabled");
        http.authorizeRequests()
                .antMatchers("/").permitAll()
-                .antMatchers("/login").permitAll()
-                .antMatchers("/index").permitAll()
-                .antMatchers("/news/*").permitAll()
+                .antMatchers("/login", "/index", "/news/*", "/h2-console/*", "/h2-console").permitAll()
                .antMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
                .anyRequest().authenticated()
                .and()