How to disable 'X-Frame-Options' response header in Spring Security?

Question

I have CKeditor on my jsp and whenever I upload something, the following error pops out:

 Refused to display \'http://localhost:8080/xxx/xxx/upload-image?CKE         


        

Answer 1

If you're using Spring Boot, the simplest way to disable the Spring Security default headers is to use security.headers.* properties. In particular, if you want to disable the X-Frame-Options default header, just add the following to your application.properties:

security.headers.frame=false

There is also security.headers.cache, security.headers.content-type, security.headers.hsts and security.headers.xss properties that you can use. For more information, take a look at SecurityProperties.