使用java配置,跟spring security配置在一起
@EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http // ... .headers().frameOptions().sameOrigin().httpStrictTransportSecurity().disable(); } }
如果是使用xml配置:
<http>
<!-- ... -->
<headers>
<frame-options policy="SAMEORIGIN" />
<hsts disable="true"/>
</headers>
</http>