disable iframe deny header by default. alibaba#1873
hengyunabc committed Aug 11, 2021
1 parent 29aef3e commit cc04d73
Showing 2 changed files with 28 additions and 3 deletions.
@@ -1,15 +1,30 @@
package com.alibaba.arthas.tunnel.server.endpoint;
package com.alibaba.arthas.tunnel.server.app;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import com.alibaba.arthas.tunnel.server.app.configuration.ArthasProperties;

/**
*
* @author hengyunabc 2021-08-11
*
*/
@Configuration
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
ArthasProperties arthasProperties;
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated().anyRequest()
.permitAll().and().formLogin();
.permitAll().and().formLogin();
// allow iframe
if (arthasProperties.isEnableIframeSupport()) {
httpSecurity.headers().frameOptions().disable();
}
}
}
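Review bot: When `enableIframeSupport` is true, `httpSecurity.headers().frameOptions().disable()` drops `X-Frame-Options` from every response, including the `formLogin()` page and the actuator endpoints this class requires authentication for, so any origin can frame them and the clickjacking protection is gone for the whole application. If embedding is only needed from the same host, `httpSecurity.headers().frameOptions().sameOrigin();` keeps the protection. For a known set of external parent pages, a `frame-ancestors` allow-list set through `headers().contentSecurityPolicy(...)` is narrower than removing the header. The `// allow iframe` comment should also say which embedding use case needs this, and `arthasProperties` could be `private` rather than package-visible.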
@@ -27,6 +27,8 @@ public class ArthasProperties {
*/
private boolean enableDetailPages = false;

private boolean enableIframeSupport = true;

public Server getServer() {
return server;
}
@@ -51,6 +53,14 @@ public void setEnableDetailPages(boolean enableDetailPages) {
this.enableDetailPages = enableDetailPages;
}

public boolean isEnableIframeSupport() {
return enableIframeSupport;
}

public void setEnableIframeSupport(boolean enableIframeSupport) {
this.enableIframeSupport = enableIframeSupport;
}

public static class Server {
/**
* tunnel server listen host
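Review bot: `private boolean enableIframeSupport = true;` makes the header-less behaviour the default, so a deployment that upgrades stops sending the frame-deny header without anyone opting in. Defaulting to `false` and letting operators who embed the UI switch it on would fail closed. The new field also has no Javadoc, while the `*/` just above `enableDetailPages` suggests that field has one. A comment such as `/** Allow the tunnel server pages to be embedded in an iframe; when true the X-Frame-Options header is not sent. */` would tell operators what the switch costs them. The class body starts and continues outside these hunks.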