Refused to display 'url' in a frame because it set 'X-Frame-Options' to 'deny' - deny, display, frame, options, refused, set, URL

I use an iframe to embed a webpage, and the browser reports an error: Refused to display ‘url’ in a frame because it set ‘X-Frame-Options’ to ‘deny’.
This is Spring Security to prevent malicious injection, so X-Frame-Options is set to deny. On the Internet, it is added httpSecurity.headers().frameOptions().disable();

For example: https ://blog.csdn.net/a494567309/article/details/80348557

But I configure it in spring-security.xml, so I don’t need this, add

The entire spring-security.xml configuration is as follows

xml version="1.0" encoding="UTF-8"?> span>

<beans  xmlns="http://www.springframework.org/schema/beans"

 xmlns:security="http://www.springframework.org/schema/security"

 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

 xsi:schemaLocation="http://www.springframework.org/schema/beans

 http://www.springframework.org/schema/beans/spring-beans.xsd

 http://www.springframework.org/schema/security

 http://www.springframework.org/schema/security/spring-security.xsd">



 

 <security:http pattern="/login.jsp" security="none"/>

 <security:http pattern="/css/**" security="none"/>

 <security:http pattern="/img/**" security="none"/>

 <security:http pattern="/js/**" security="none"/>

 <security:http pattern="/plugins/**" security="none"/>

 

 <security:http auto-config="true" use-expressions="true">

 

 <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')"/>



 

 <security:form-login

 login-page="/login.jsp"

 login-processing-url="/login.do"

 default-target-url="/index.jsp"

 authentication-failure-handler-ref="authenticationFailureHandler"

 authentication-success-handler-ref="authenticationSuccessHandler"

 />



 

 <security:csrf disabled="true"/>

 

 <security:logout invalidate-session="true" logout-url="/logout.do" logout-success -url="/login.jsp"/>



 

 <security:headers disabled="true"/>

 security:http>



 

 <security:authentication-manager>

 <security:authentication-provider ref="authenticationProvider"/>

 security:authentication-manager>



 <bean  id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">

 <property  name="userDetailsService" ref="managerService" />

 

 <property  name="hideUserNotFoundExceptions" value="false" />

 

 <property  name="passwordEncoder" ref="passwordEncoder" />

 bean>



 

 <bean  id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>


 <bean  id="authenticationFailureHandler" class="com.handler.AuthenticationFailureHandler"/>

 <bean  id="authenticationSuccessHandler" class="com.handler.AuthenticationSuccessHandler"/>

beans>

Just restart it

xml version="1.0" encoding="UTF-8"?>

<beans  xmlns="http://www.springframework.org/schema/beans"

 xmlns:security="http://www.springframework.org/schema/security"

 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

 xsi:schemaLocation="http://www.springframework.org/schema/beans

 http://www.springframework.org/schema/beans/spring-beans.xsd

 http://www.springframework.org/schema/security

 http://www.springframework.org/schema/security/spring-security.xsd">



 

 <security:http pattern="/login.jsp" security="none"/>

 <security:http pattern="/css/**" security="none"/>

 <security:http pattern="/img/**" security="none"/>

 <security:http pattern="/js/**" security="none"/>

 <security:http pattern="/plugins/**" security="none"/>

 

 <security:http auto-config="true" use-expressions="true">

 

 <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')"/>



 

 <security:form-login

 login-page="/login.jsp"

 login-processing-url="/login.do"

 default-target-url="/index.jsp"

 authentication-failure-handler-ref="authenticationFailureHandler"

 authentication-success-handler-ref="authenticationSuccessHandler"

 />



 

 <security:csrf disabled="true"/>

 

 <security:logout invalidate-session="true" logout-url="/logout.do" logout-success -url="/login.jsp"/>



 

 <security:headers disabled="true"/>

 security:http>



 

 <security:authentication-manager>

 <security:authentication-provider ref="authenticationProvider"/>

 security:authentication-manager>



 <bean  id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">

 <property  name="userDetailsService" ref="managerService" />

 

 <property  name="hideUserNotFoundExceptions" value="false" />

 

 <property  name="passwordEncoder" ref="passwordEncoder" />

 bean>



 

 <bean  id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>


 <bean  id="authenticationFailureHandler" class="com.handler.AuthenticationFailureHandler"/>

 <bean  id="authenticationSuccessHandler" class="com.handler.AuthenticationSuccessHandler"/>

beans>

Leave a Comment Cancel reply