mirror of https://github.com/alibaba/arthas.git
disable iframe deny header by default. #1873
parent
29aef3ee88
commit
cc04d73fba
@ -1,15 +1,30 @@
|
|||||||
package com.alibaba.arthas.tunnel.server.endpoint;
|
package com.alibaba.arthas.tunnel.server.app;
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
|
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
|
|
||||||
|
import com.alibaba.arthas.tunnel.server.app.configuration.ArthasProperties;
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @author hengyunabc 2021-08-11
|
||||||
|
*
|
||||||
|
*/
|
||||||
@Configuration
|
@Configuration
|
||||||
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
|
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
ArthasProperties arthasProperties;
|
||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity httpSecurity) throws Exception {
|
protected void configure(HttpSecurity httpSecurity) throws Exception {
|
||||||
httpSecurity.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated().anyRequest()
|
httpSecurity.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated().anyRequest()
|
||||||
.permitAll().and().formLogin();
|
.permitAll().and().formLogin();
|
||||||
|
// allow iframe
|
||||||
|
if (arthasProperties.isEnableIframeSupport()) {
|
||||||
|
httpSecurity.headers().frameOptions().disable();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
Loading…
Reference in New Issue