H2 数据库控制台 spring boot 加载被 X-Frame-Options 拒绝

也可以通过以下方式简化@chrosciu的答案：

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.headers().frameOptions().disable();
  }
}

将下面的代码添加到Application.java，现在它可以工作，默认在端口8082上，从spring应用程序启动。它没有击中要害，但出于开发目的，一切都可以。

@Bean
org.h2.tools.Server h2Server() {
    Server server = new Server();
    try {
        server.runTool("-tcp");
        server.runTool("-tcpAllowOthers");
    } catch (Exception e) {
        e.printStackTrace();
    }
    return server;

}

这对我有用：

@EnableWebSecurity
@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers().addHeaderWriter(
            new XFrameOptionsHeaderWriter(
                new WhiteListedAllowFromStrategy(Arrays.asList("localhost"))));
    }
}

当然，当应用程序在不同于本地主机的设备上运行时，应该调整白名单的内容。

有了新的弹簧

dsl

headers

SecurityFilterChain

@Configuration
@EnableWebSecurity
public class SecurityConfiguration  {

  @Bean
  SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {

    http.headers(headers -> headers.frameOptions().disable()) //disable frame
        //rest of your configuration
        .csrf( csrf -> csrf.disable())
        .authorizeHttpRequests(
                    authorize -> authorize
                            .requestMatchers(HttpMethod.OPTIONS).permitAll()
                            .requestMatchers(HttpMethod.POST, "/users", "/users/login").permitAll()
                            .requestMatchers(HttpMethod.GET, "/articles/**").permitAll()
                            .anyRequest().permitAll()
            )
          
        return http.build();
  }