From ddcdbc779bd3058d9ceedbd812671a67c7d06107 Mon Sep 17 00:00:00 2001
From: Tatiana Villa Ema <tatiana@tecnologia-facil.es>
Date: Fri, 8 May 2026 01:48:31 +0200
Subject: [PATCH] leyes

---
 src/main/java/es/tatvil/taiageweb/config/SecurityConfig.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/es/tatvil/taiageweb/config/SecurityConfig.java b/src/main/java/es/tatvil/taiageweb/config/SecurityConfig.java
index 44c462b..fe3a70a 100644
--- a/src/main/java/es/tatvil/taiageweb/config/SecurityConfig.java
+++ b/src/main/java/es/tatvil/taiageweb/config/SecurityConfig.java
@@ -30,13 +30,16 @@ public class SecurityConfig {
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
             .csrf(csrf -> csrf.ignoringRequestMatchers("/webhook/stripe"))
+            .headers(headers -> headers
+                .frameOptions(frame -> frame.sameOrigin())
+            )
             .authorizeHttpRequests(auth -> auth
                 // Recursos públicos
                 .requestMatchers(
                     "/", "/inicio", "/login", "/registro",
                     "/leyes", "/noticias", "/acceso-denegado", "/error",
                     "/webhook/stripe",
-                    "/css/**", "/js/**", "/images/**", "/favicon.ico"
+                    "/css/**", "/js/**", "/images/**", "/leyes/**", "/favicon.ico"
                 ).permitAll()
                 // Panel de administración
                 .requestMatchers("/admin/**").hasRole("ADMIN")