How to disable 'X-Frame-Options' response header in Spring Security?

Question

I have CKeditor on my jsp and whenever I upload something, the following error pops out:

 Refused to display \'http://localhost:8080/xxx/xxx/upload-image?CKE         


        

Answer 1

If you are using Spring Security's Java configuration, all of the default security headers are added by default. They can be disabled using the Java configuration below:

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .headers().disable()
      ...;
  }
}