X-Git-Url: https://juplo.de/gitweb/?p=examples%2Ffacebook-app;a=blobdiff_plain;f=src%2Fmain%2Fjava%2Fde%2Fjuplo%2Fyourshouter%2FWebSecurityConfig.java;h=5b82a1237835c7dd5015d2370dd898a6a04f7b85;hp=2452adc8a472d42e5838222179818021419a287d;hb=f629006c32b366b1bfaf24fb25f128f83e1c76b0;hpb=9c8202018997d8e18da4da86ccef926cb9f9de6f
diff --git a/src/main/java/de/juplo/yourshouter/WebSecurityConfig.java b/src/main/java/de/juplo/yourshouter/WebSecurityConfig.java
index 2452adc..5b82a12 100644
--- a/src/main/java/de/juplo/yourshouter/WebSecurityConfig.java
+++ b/src/main/java/de/juplo/yourshouter/WebSecurityConfig.java
@@ -51,11 +51,11 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter
 http
 .csrf()
 /**
- * The Facebook-Canvas does not send a proper CSRF-token in its
- * POST-requests. Hence, this feature has to be disabled for all
- * pages, that receive an initial call from the Facebook-Canvas.
+ * Neither the Facebook-Canvas nor the H2-console does send a proper
+ * CSRF-token in its POST-requests. Hence, this feature has to be
+ * disabled for this pages.
 */
- .ignoringAntMatchers("/canvas/*")
+ .ignoringAntMatchers("/canvas/*", "/h2-console/*")
 .and()
 .exceptionHandling()
 .authenticationEntryPoint(authenticationEntryPoint)
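Review bot: The CSRF exemption added for `/h2-console/*` in `ignoringAntMatchers` is unconditional, although the H2 console is a database administration UI that executes arbitrary SQL, so with the token check off its endpoints accept cross-site POSTs made in an authenticated browser session. The hunk shows no authorization rule or profile guard for that path; the enclosing configure method starts and ends outside the hunk, so one may exist elsewhere, but it is worth confirming. I would register the second matcher only when the console is enabled for development, and restrict the path to an admin role or to local requests. At minimum the Javadoc should state the constraint, e.g. `* The H2-console exemption is for development only; keep the console disabled (spring.h2.console.enabled=false, if this is Spring Boot's console) in production.`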