From df5e5667561c5c6f24f2da4693b9ed93c9e986e5 Mon Sep 17 00:00:00 2001
From: zwzw1219 <zwzw1219@192.168.1.111>
Date: Sat, 14 Oct 2017 10:14:08 +0800
Subject: [PATCH] 1

---
 .../java/com/boot/security/server/config/SecurityConfig.java   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/boot/security/server/config/SecurityConfig.java b/src/main/java/com/boot/security/server/config/SecurityConfig.java
index 7d3a0c4..e06b76d 100644
--- a/src/main/java/com/boot/security/server/config/SecurityConfig.java
+++ b/src/main/java/com/boot/security/server/config/SecurityConfig.java
@@ -32,7 +32,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 				.permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login.html")
 				.loginProcessingUrl("/login").successHandler(authenticationSuccessHandler)
 				.failureHandler(authenticationFailureHandler).and().logout().logoutUrl("/logout")
-				.logoutSuccessHandler(logoutSuccessHandler).and().csrf().disable();
+				.logoutSuccessHandler(logoutSuccessHandler).and().csrf().disable().headers().frameOptions()
+				.sameOrigin();
 	}
 
 	@Override