From ff64351fa86496aad7d4eb0097ecbd1fc5c5f8a3 Mon Sep 17 00:00:00 2001
From: Ralf Eichinger <ralf.eichinger@bsb-muenchen.de>
Date: Mon, 4 Jun 2018 17:20:17 +0200
Subject: [PATCH] Disable iframe security

---
 .../iiif/demo/config/SpringConfigSecurityDemo.java              | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/main/java/de/digitalcollections/iiif/demo/config/SpringConfigSecurityDemo.java b/src/main/java/de/digitalcollections/iiif/demo/config/SpringConfigSecurityDemo.java
index a2eef5a..02deb24 100644
--- a/src/main/java/de/digitalcollections/iiif/demo/config/SpringConfigSecurityDemo.java
+++ b/src/main/java/de/digitalcollections/iiif/demo/config/SpringConfigSecurityDemo.java
@@ -11,6 +11,8 @@ public class SpringConfigSecurityDemo extends WebSecurityConfigurerAdapter {
   @Override
   protected void configure(HttpSecurity http) throws Exception {
     http
+            .headers().frameOptions().disable() // to make universalviewer work
+            .and()
             .authorizeRequests()
             .requestMatchers(EndpointRequest.to("info", "health")).permitAll()
             .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")