github-forks
/
arthas
mirror of https://github.com/alibaba/arthas.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

disable iframe deny header by default. #1873

Browse Source
pull/1890/head
hengyunabc 4 years ago
parent 29aef3ee88
commit cc04d73fba
2 changed files with 28 additions and 3 deletions
Show Stats Download Patch File Download Diff File

21
tunnel-server/src/main/java/com/alibaba/arthas/tunnel/server/endpoint/ActuatorSecurity.java → tunnel-server/src/main/java/com/alibaba/arthas/tunnel/server/app/WebSecurityConfig.java
Unescape Escape View File

@ -1,15 +1,30 @@
package com.alibaba.arthas.tunnel.server.endpoint;
package com.alibaba.arthas.tunnel.server.app;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import com.alibaba.arthas.tunnel.server.app.configuration.ArthasProperties;
/**
*
* @author hengyunabc 2021-08-11
*
*/
@Configuration
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
ArthasProperties arthasProperties;
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated().anyRequest()
.permitAll().and().formLogin();
.permitAll().and().formLogin();
// allow iframe
if (arthasProperties.isEnableIframeSupport()) {
httpSecurity.headers().frameOptions().disable();
}
}
}

10
tunnel-server/src/main/java/com/alibaba/arthas/tunnel/server/app/configuration/ArthasProperties.java
Unescape Escape View File

@ -27,6 +27,8 @@ public class ArthasProperties {
*/
private boolean enableDetailPages = false;
private boolean enableIframeSupport = true;
public Server getServer() {
return server;
}
@ -51,6 +53,14 @@ public class ArthasProperties {
this.enableDetailPages = enableDetailPages;
}
public boolean isEnableIframeSupport() {
return enableIframeSupport;
}
public void setEnableIframeSupport(boolean enableIframeSupport) {
this.enableIframeSupport = enableIframeSupport;
}
public static class Server {
/**
* tunnel server listen host

Write Preview
Loading…
Cancel
Save