From b7de9faedf2a3e21c77c4ab3fc645ef01ac549cf Mon Sep 17 00:00:00 2001
From: HelenHuang <LinHuang@pollex.com.tw>
Date: 星期一, 15 十一月 2021 17:41:41 +0800
Subject: [PATCH] Merge branch 'master' of https://192.168.0.10:8443/r/pcalife/PAM
---
pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java b/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
index 2ce5355..9445072 100644
--- a/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
+++ b/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
@@ -67,6 +67,8 @@
.headers()
.contentSecurityPolicy(jHipsterProperties.getSecurity().getContentSecurityPolicy())
.and()
+ .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
+ .and()
.permissionsPolicy().policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()")
.and()
.frameOptions()
@@ -79,10 +81,14 @@
.antMatchers("/api/authenticate").permitAll()
.antMatchers("/api/register").permitAll()
.antMatchers("/api/activate").permitAll()
+ .antMatchers("/api/testLogin/**").permitAll()
.antMatchers("/api/account/reset-password/init").permitAll()
.antMatchers("/api/account/reset-password/finish").permitAll()
.antMatchers("/api/consultant/recommend").permitAll()
.antMatchers("/api/consultant/detail").permitAll()
+ .antMatchers("/api/consultant/fastQuery").permitAll()
+ .antMatchers("/api/consultant/strictQuery").permitAll()
+ .antMatchers("/api/consultant/avatar/**").permitAll()
.antMatchers("/api/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/api/**").authenticated()
.antMatchers("/websocket/**").authenticated()
--
Gitblit v1.8.0