From 4fa0ac1df4e306c2fe0da7ee2a73b3b605563067 Mon Sep 17 00:00:00 2001
From: Jerry Yan <792602257@qq.com>
Date: Sat, 31 Jan 2026 13:57:38 +0800
Subject: [PATCH] =?UTF-8?q?config(security):=20=E7=A6=81=E7=94=A8=E5=AE=89?=
 =?UTF-8?q?=E5=85=A8=E9=85=8D=E7=BD=AE=E4=B8=AD=E7=9A=84frameOptions?=
 =?UTF-8?q?=E4=BB=A5=E5=85=81=E8=AE=B8iframe=E5=B5=8C=E5=85=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 在SecurityFilterChain中添加headers配置
- 禁用frameOptions以解决iframe嵌入限制问题
- 保持csrf禁用和其他现有安全设置不变
---
 .../src/main/java/com/datamate/main/config/SecurityConfig.java   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backend/services/main-application/src/main/java/com/datamate/main/config/SecurityConfig.java b/backend/services/main-application/src/main/java/com/datamate/main/config/SecurityConfig.java
index f71e8e8..8e04562 100644
--- a/backend/services/main-application/src/main/java/com/datamate/main/config/SecurityConfig.java
+++ b/backend/services/main-application/src/main/java/com/datamate/main/config/SecurityConfig.java
@@ -17,6 +17,7 @@ public class SecurityConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.csrf(csrf -> csrf.disable())
+            .headers(headers -> headers.frameOptions(frameOptions -> frameOptions.disable()))
             .authorizeHttpRequests(authz -> authz
                 .anyRequest().permitAll()  // 允许所有请求无需认证
             );