spring security4 问题

Posted 2020-10-05

<headers>
            <frame-options policy="SAMEORIGIN" />
</headers>

 

spring security升级为4 的时候 会出现重定向问题

可以在 http 标签内添加如上的代码解决

 

• DENY - is a default value. With this the page cannot be displayed in a frame, regardless of the site attempting to do so.
• SAMEORIGIN - I assume this is what you are looking for, so that the page will be (and can be) displayed in a frame on the same origin as the page itself
• ALLOW-FROM  Allows you to specify an origin, where the page can be displayed in a frame.