使用java配置,跟spring security配置在一起
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers().frameOptions().sameOrigin().httpStrictTransportSecurity().disable();
}
}
如果是使用xml配置:
<http>
<!-- ... --> <headers>
<frame-options policy="SAMEORIGIN" />
<hsts disable="true"/>
</headers>
</http>