From bd2bfd1264653cbebc54c4bccb7ad2d7084a93a5 Mon Sep 17 00:00:00 2001 From: Arturo Gomez Date: Wed, 10 Jun 2026 17:31:21 -0600 Subject: [PATCH] fix(security): disable X-Frame-Options to allow iframe embedding MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Spring Security aplica X-Frame-Options: DENY por defecto, bloqueando que la app sea embebida en la presentación final via iframe. Se deshabilita el header para permitir el embed desde la presentación. Co-Authored-By: Claude Sonnet 4.6 --- .../java/com/springboot/MyTodoList/config/SecurityConfig.java | 1 + 1 file changed, 1 insertion(+) diff --git a/MtdrSpring/backend/src/main/java/com/springboot/MyTodoList/config/SecurityConfig.java b/MtdrSpring/backend/src/main/java/com/springboot/MyTodoList/config/SecurityConfig.java index 975422239..ed544621b 100644 --- a/MtdrSpring/backend/src/main/java/com/springboot/MyTodoList/config/SecurityConfig.java +++ b/MtdrSpring/backend/src/main/java/com/springboot/MyTodoList/config/SecurityConfig.java @@ -28,6 +28,7 @@ public class SecurityConfig { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .csrf(AbstractHttpConfigurer::disable) + .headers(headers -> headers.frameOptions(frame -> frame.disable())) .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .authorizeHttpRequests(auth -> auth .requestMatchers(