chore: add frameOptions to SecurityConfig.

Sybit-Education · Aug 12, 2023 · b85983a · b85983a
1 parent b6a0036
commit b85983a
Showing 1 changed file with 5 additions and 9 deletions.
diff --git a/src/main/java/de/sybit/sygotchi/config/SecurityConfig.java b/src/main/java/de/sybit/sygotchi/config/SecurityConfig.java
@@ -28,19 +28,15 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
         http
                 .csrf().disable()
                 .cors().disable()
-                .authorizeHttpRequests()
-                .requestMatchers("/**")
-                .permitAll()
-                .anyRequest()
-                .authenticated()
+                .headers().frameOptions().sameOrigin().and()
+                .authorizeHttpRequests().requestMatchers("/**").permitAll()
+                .anyRequest().authenticated()
                 .and()
-                .sessionManagement()
-                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                 .and()
                 .exceptionHandling().authenticationEntryPoint(unauthorizedHandler)
                 .and()
-                .authenticationProvider(authenticationProvider)
-                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
+                .authenticationProvider(authenticationProvider).addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
 
         return http.build();
     }