From 39d878311f248aa970d615b2eeb1b3ce119b5994 Mon Sep 17 00:00:00 2001
From: jianghao <332515344@qq.com>
Date: Thu, 26 Feb 2026 11:28:36 +0800
Subject: [PATCH] =?UTF-8?q?fix(security):=20=E6=B7=BB=E5=8A=A0frameOptions?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E4=BB=A5=E5=A2=9E=E5=BC=BA=E5=AE=89=E5=85=A8?= =?UTF-8?q?=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

添加sameOrigin的frameOptions配置,防止点击劫持攻击
---
 .../src/main/java/com/timeline/user/config/SecurityConfig.java | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/timeline-user-service/src/main/java/com/timeline/user/config/SecurityConfig.java b/timeline-user-service/src/main/java/com/timeline/user/config/SecurityConfig.java
index c73e4e7..1837130 100644
--- a/timeline-user-service/src/main/java/com/timeline/user/config/SecurityConfig.java
+++ b/timeline-user-service/src/main/java/com/timeline/user/config/SecurityConfig.java
@@ -14,6 +14,8 @@ public class SecurityConfig {
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 http
 .csrf(csrf -> csrf.disable())
+ .headers(headers -> headers
+ .frameOptions(frameOptions -> frameOptions.sameOrigin()))
 .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
 return http.build();
 }
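Review bot: The added `.frameOptions(frameOptions -> frameOptions.sameOrigin())` probably relaxes framing rather than tightening it, because Spring Security's default header set already sends `X-Frame-Options: DENY`; unless those defaults are disabled somewhere outside this hunk, the response moves from DENY to SAMEORIGIN. If same-origin framing is genuinely required, record the reason next to the call, e.g. `// same-origin framing needed for <feature>; Spring default is DENY`, otherwise drop the override or use `frameOptions.deny()`. X-Frame-Options is the legacy control, so the same `headers` lambda should also emit the CSP equivalent: `.contentSecurityPolicy(csp -> csp.policyDirectives("frame-ancestors 'self'"))`. A small test asserting the response header value on one endpoint would pin whichever policy is intended.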