From 3842ee173905fe069cf61b10184ca6231ad08f68 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Thu, 5 Mar 2020 14:07:41 +0100
Subject: [PATCH] disable csrf + headers.frameoptions, permit /h2-console/**
---
 src/main/java/mops/gruppen2/security/SecurityConfig.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/main/java/mops/gruppen2/security/SecurityConfig.java b/src/main/java/mops/gruppen2/security/SecurityConfig.java
index 75946f1..e3299e7 100644
--- a/src/main/java/mops/gruppen2/security/SecurityConfig.java
+++ b/src/main/java/mops/gruppen2/security/SecurityConfig.java
@@ -61,12 +61,17 @@ class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
 .hasRole("monitoring")
 .and()
 .authorizeRequests()
- .antMatchers("h2-console/**")
+ .antMatchers("/h2-console/**")
 .permitAll()
 .anyRequest()
 .permitAll();
+
+ http.csrf().disable();
+ http.headers().frameOptions().disable();
 }
+
+
 /**
 * Declaring this class enables us to use the Spring specific
 * {@link org.springframework.security.access.annotation.Secured} annotation
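Review bot: The two calls added at the end of the method, `http.csrf().disable();` and `http.headers().frameOptions().disable();`, turn off CSRF protection and the X-Frame-Options header for every endpoint, although the subject line suggests only the H2 console needs the relaxation. Scoping them keeps the rest of the application protected against forged requests and framing: `http.csrf().ignoringAntMatchers("/h2-console/**");` and `http.headers().frameOptions().sameOrigin();`. The corrected matcher `/h2-console/**` is `permitAll()`, and the console gives direct SQL access to the database, so it should presumably be enabled only under a development profile; that setting is not visible in this hunk. The method these lines belong to starts above the hunk.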