FLOWUI X-Frame-Options 如何设置允许

我嵌入了本地资源报错
image
image

这个是Spring Boot的设置,请参考 17. Security HTTP Response Headers

1 个赞

新的spring 写法应该是这样的吧,试了很多次,感觉就是不行嘛 image

不好意思,回复晚了。

首先,resource是需要这样放置的,可以直接放在 resources/static/<your dir>,比如,我的 test.html 放在了 s-web 目录下:
image

然后添加一个配置文件:

package com.company.flowuidemo;

import io.jmix.securityflowui.FlowuiSecurityConfiguration;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@EnableWebSecurity
@Configuration
public class StaticWebpageSecurityConfiguration extends FlowuiSecurityConfiguration {
    @Override
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // 这里允许访问所有 s-web 下的资源
        http.authorizeRequests().antMatchers("/s-web/**").permitAll();
        // 设置 x-frame-options
        http.headers().frameOptions().sameOrigin();
        return super.securityFilterChain(http);
    }
}

效果:
image

2 个赞