config(security): 禁用安全配置中的frameOptions以允许iframe嵌入

- 在SecurityFilterChain中添加headers配置 - 禁用frameOptions以解决iframe嵌入限制问题 - 保持csrf禁用和其他现有安全设置不变
2026-01-31 13:57:38 +08:00
parent f2403f00ce
commit 4fa0ac1df4
1 changed files with 1 additions and 0 deletions
--- a/backend/services/main-application/src/main/java/com/datamate/main/config/SecurityConfig.java
+++ b/backend/services/main-application/src/main/java/com/datamate/main/config/SecurityConfig.java
@@ -17,6 +17,7 @@ public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable())
+            .headers(headers -> headers.frameOptions(frameOptions -> frameOptions.disable()))
            .authorizeHttpRequests(authz -> authz
                .anyRequest().permitAll()  // 允许所有请求无需认证
            );