1515 feat: 修正SpringbootAdmin监控页面在iframe中可以正常显示
parent
c3125dbc92
commit
5fe868e096
|
|
@ -8,6 +8,7 @@ import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.core.annotation.Order;
|
import org.springframework.core.annotation.Order;
|
||||||
import org.springframework.security.config.Customizer;
|
import org.springframework.security.config.Customizer;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
|
|
@ -39,6 +40,9 @@ public class AdminServerConfiguration {
|
||||||
@Value("${spring.boot.admin.client.password:admin}")
|
@Value("${spring.boot.admin.client.password:admin}")
|
||||||
private String password;
|
private String password;
|
||||||
|
|
||||||
|
@Value("${spring.boot.admin.frame-ancestors:'self'}")
|
||||||
|
private String frameAncestors;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Spring Boot Admin 专用的 InMemoryUserDetailsManager
|
* Spring Boot Admin 专用的 InMemoryUserDetailsManager
|
||||||
* 使用内存存储,与系统用户隔离
|
* 使用内存存储,与系统用户隔离
|
||||||
|
|
@ -99,6 +103,16 @@ public class AdminServerConfiguration {
|
||||||
adminSeverContextPath + "/instances", // Admin Client 注册端点忽略 CSRF
|
adminSeverContextPath + "/instances", // Admin Client 注册端点忽略 CSRF
|
||||||
adminSeverContextPath + "/actuator/**" // Actuator 端点忽略 CSRF
|
adminSeverContextPath + "/actuator/**" // Actuator 端点忽略 CSRF
|
||||||
)
|
)
|
||||||
|
)
|
||||||
|
.headers(headers -> headers
|
||||||
|
// 特殊:Spring Boot Admin 前端基于 Vue,需 unsafe-inline / unsafe-eval 支持内联脚本与表达式
|
||||||
|
.contentSecurityPolicy(csp -> csp.policyDirectives(
|
||||||
|
"default-src 'self'; "
|
||||||
|
+ "script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
|
||||||
|
+ "style-src 'self' 'unsafe-inline'; "
|
||||||
|
+ "frame-ancestors " + frameAncestors))
|
||||||
|
.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin) // 显式设置 X-Frame-Options 为 SAMEORIGIN
|
||||||
|
.cacheControl(HeadersConfigurer.CacheControlConfig::disable) // 禁用缓存,避免旧配置生效
|
||||||
);
|
);
|
||||||
return httpSecurity.build();
|
return httpSecurity.build();
|
||||||
}
|
}
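Review bot: `.cacheControl(HeadersConfigurer.CacheControlConfig::disable)` in the new `.headers(...)` block does the opposite of what its comment says. It switches off the no-cache headers Spring Security writes by default (`Cache-Control: no-cache, no-store, max-age=0, must-revalidate`, `Pragma`, `Expires`), so unless something else sets them, pages of the authenticated admin UI can be stored by browsers or intermediaries. If the goal is to stop stale content being served, drop that line and keep the default. Separately, `.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)` sits awkwardly next to a configurable `frame-ancestors`: browsers that enforce `frame-ancestors` ignore `X-Frame-Options`, and those that do not will block the cross-origin embedding this commit is meant to allow, so the comment there should say which header is authoritative. The enclosing filter-chain method starts outside the hunk.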
|
||||||
|
|
|
||||||
|
|
@ -137,6 +137,8 @@ spring:
|
||||||
password: admin
|
password: admin
|
||||||
# Spring Boot Admin Server 服务端的相关配置
|
# Spring Boot Admin Server 服务端的相关配置
|
||||||
context-path: /admin # 配置 Spring
|
context-path: /admin # 配置 Spring
|
||||||
|
# 允许嵌入 iframe 的域名(支持通配符),实际部署时,可以改为 "'self' [你的公网域名]"
|
||||||
|
frame-ancestors: "'self' localhost localhost:48082 127.0.0.1 127.0.0.1:48082"
|
||||||
|
|
||||||
# 日志文件配置
|
# 日志文件配置
|
||||||
logging:
|
logging:
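Review bot: The comment on the new `frame-ancestors` key advertises wildcard support without saying what a broad value costs. The Java side of this commit appends the string verbatim to the CSP header (`"frame-ancestors " + frameAncestors`), so `*` or a wide pattern such as `*.example.com` (constructed example) lets any matching site frame the authenticated monitoring console, and a `;` in the value would start a new directive. I would extend the comment to something like `# list only the exact origins that embed the admin UI; avoid * and broad wildcards (clickjacking risk)`. The localhost entries look like development defaults; if this file is also loaded outside local development (not visible here), they should be overridden per environment.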
|
||||||
|
|
|
||||||