<headers>
<frame-options policy="SAMEORIGIN" />
</headers>
spring security升级为4 的时候 会出现重定向问题
可以在 http 标签内添加如上的代码解决
- DENY - is a default value. With this the page cannot be displayed in a frame, regardless of the site attempting to do so.
- SAMEORIGIN - I assume this is what you are looking for, so that the page will be (and can be) displayed in a frame on the same origin as the page itself
- ALLOW-FROM Allows you to specify an origin, where the page can be displayed in a frame.