fix(security): 添加frameOptions配置以增强安全性

添加sameOrigin的frameOptions配置，防止点击劫持攻击
2026-02-26 11:28:36 +08:00
parent f1beb94e60
commit 39d878311f
1 changed files with 2 additions and 0 deletions
--- a/timeline-user-service/src/main/java/com/timeline/user/config/SecurityConfig.java
+++ b/timeline-user-service/src/main/java/com/timeline/user/config/SecurityConfig.java
@@ -14,6 +14,8 @@ public class SecurityConfig {
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf(csrf -> csrf.disable())
+                .headers(headers -> headers
+                        .frameOptions(frameOptions -> frameOptions.sameOrigin()))
                .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
        return http.build();
    }