Switched H2 to server-mode and made the console available in the app
[examples/facebook-app] / src / main / java / de / juplo / yourshouter / WebSecurityConfig.java
index 2452adc..5b82a12 100644 (file)
@@ -51,11 +51,11 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter
     http
         .csrf()
             /**
-             * The Facebook-Canvas does not send a proper CSRF-token in its
-             * POST-requests. Hence, this feature has to be disabled for all
-             * pages, that receive an initial call from the Facebook-Canvas.
+             * Neither the Facebook-Canvas nor the H2-console does send a proper
+             * CSRF-token in its POST-requests. Hence, this feature has to be
+             * disabled for this pages.
              */
-            .ignoringAntMatchers("/canvas/*")
+            .ignoringAntMatchers("/canvas/*", "/h2-console/*")
             .and()
         .exceptionHandling()
             .authenticationEntryPoint(authenticationEntryPoint)
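Review bot: Adding `/h2-console/*` to `ignoringAntMatchers` removes CSRF protection from a console that executes arbitrary SQL against the application's database, so a cross-site request issued from another page in the browser of a user with an open console session would no longer be rejected. The access rules for that path are not visible in this hunk; it should be confirmed that the console is reachable only under a development profile or behind an administrative role, for example `.antMatchers("/h2-console/**").hasRole("ADMIN")` in the authorization rules. The comment above the call would also benefit from stating that limit, e.g. `* The H2-console exemption is for development use only; the console must not be reachable in production.` The enclosing method starts and ends outside the hunk.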