From: Lott, Christopher (cl778h)
Date: Mon, 19 Aug 2019 20:36:45 +0000 (-0400)
Subject: Disable the x-frame-options response header
X-Git-Tag: R2~36
X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F55%2F755%2F1;p=portal%2Fric-dashboard.git
Disable the x-frame-options response header
Spring Security blocks framing by default.
Change-Id: I51a1fa31599a55196675fe505f6c47696af40b6d
Signed-off-by: Lott, Christopher (cl778h)
---
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 6c89ab9d..65e58967 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -41,6 +41,7 @@ Version 1.2.0, 19 Aug 2019
 * Add custom (plain but not white-label) error page
 * Synch A1 method paths in front-end and back-end
 * Add xapp dynamic configuration feature
+* Disable x-frame-options response header
 
 Version 1.0.5, 5 July 2019
 --------------------------
diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
index 4e243564..92ea75e8 100644
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
+++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
@@ -78,6 +78,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 logger.debug("configure: portalapi.username {}", userName);
 // A chain of ".and()" always baffles me
 http.authorizeRequests().anyRequest().authenticated();
+ http.headers().frameOptions().disable();
 http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
 http.addFilterBefore(portalAuthenticationFilterBean(), BasicAuthenticationFilter.class);
 }
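Review bot: The added `http.headers().frameOptions().disable();` in WebSecurityConfiguration drops the X-Frame-Options header from every response, so any origin can frame the authenticated dashboard and the default clickjacking defence is removed with nothing put in its place. If the dashboard is only ever framed from its own origin, `http.headers().frameOptions().sameOrigin();` keeps the protection; if it is embedded by a portal on another origin (presumably the reason for this change, though the commit does not say), keep the disable but add an allowlist with `http.headers().contentSecurityPolicy("frame-ancestors 'self' <PORTAL_ORIGIN>");`, where `<PORTAL_ORIGIN>` is a placeholder for the embedding host. Either way a comment naming who needs to frame the application would help the next reader, e.g. `// Framed by <embedding application>; framing is restricted via CSP frame-ancestors`. The configure method begins above the hunk, so header settings made earlier in it are not visible here.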