H2-Console is not showing in browser

By default Spring Security disables rendering within an iframe because allowing a webpage to be added to a frame can be a security issue, for example Clickjacking. Since H2 console runs within a frame so while Spring security is enabled, frame options has to be disabled explicitly, in order to get the H2 console working.

http.headers().frameOptions().disable();

In general there are two possible directives for X-Frame-Options, which are DENY or SAMEORIGIN, so the following configuration can also be used for restricted but secured access.

headers().frameOptions().sameOrigin();

This allows the page to be displayed in a frame on the same origin as the page itself


Apart from @Alien's response, I had to add http.csrf().disable(); also.


add this two lines in your spring security file and you are good to go.

    http.csrf().disable();
    http.headers().frameOptions().disable();

Tags:

H2

Spring Boot