From a17a3870b79e1a84976e9ddf8d42cf432de57a95 Mon Sep 17 00:00:00 2001
From: wayne <wayne8692wayne8692@gmail.com>
Date: 星期二, 09 十一月 2021 09:45:02 +0800
Subject: [PATCH] [update] #todo 129741 移除ReferrerPolicy機制，使其不會被CORS

---
 pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java b/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
index 3f9110b..2ce5355 100644
--- a/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
+++ b/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
@@ -67,8 +67,6 @@
             .headers()
             .contentSecurityPolicy(jHipsterProperties.getSecurity().getContentSecurityPolicy())
         .and()
-            .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
-        .and()
             .permissionsPolicy().policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()")
         .and()
             .frameOptions()
@@ -83,6 +81,8 @@
             .antMatchers("/api/activate").permitAll()
             .antMatchers("/api/account/reset-password/init").permitAll()
             .antMatchers("/api/account/reset-password/finish").permitAll()
+            .antMatchers("/api/consultant/recommend").permitAll()
+            .antMatchers("/api/consultant/detail").permitAll()
             .antMatchers("/api/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
             .antMatchers("/api/**").authenticated()
             .antMatchers("/websocket/**").authenticated()

--
Gitblit v1.8.0