我想为我网站上的某个“/interface” URL 启用 POST 请求。我已经成功地通过存在Class<?>[] getRootConfigClasses()的指定 CSP 标头加载了该类HttpSecurity http。
每当我向 提出请求时/interface,我都会得到HTTP 403。
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter
{
@Override
protected void configure(HttpSecurity http) throws Exception
{
http
.authorizeRequests().antMatchers(HttpMethod.POST, "/interface").permitAll().and()
.headers()
.contentTypeOptions().and()
.cacheControl().and()
.httpStrictTransportSecurity().and()
.frameOptions().and()
.contentSecurityPolicy("the csp header. it is present on every response.");
}
}
尝试覆盖另一种配置方法:configure(WebSecurity webSecurity).
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity.ignoring().antMatchers(POST, "/interface");
}
| 归档时间: |
|
| 查看次数: |
2502 次 |
| 最近记录: |