leyes

src/main/java/es/tatvil/taiageweb/config/SecurityConfig.java

@@ -30,13 +30,16 @@ public class SecurityConfig {
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
             .csrf(csrf -> csrf.ignoringRequestMatchers("/webhook/stripe"))
+            .headers(headers -> headers
+                .frameOptions(frame -> frame.sameOrigin())
+            )
             .authorizeHttpRequests(auth -> auth
                 // Recursos públicos
                 .requestMatchers(
                     "/", "/inicio", "/login", "/registro",
                     "/leyes", "/noticias", "/acceso-denegado", "/error",
                     "/webhook/stripe",
-                    "/css/**", "/js/**", "/images/**", "/favicon.ico"
+                    "/css/**", "/js/**", "/images/**", "/leyes/**", "/favicon.ico"
                 ).permitAll()
                 // Panel de administración
                 .requestMatchers("/admin/**").hasRole("ADMIN")