leyes

2026-05-08 01:48:31 +02:00 · 2026-05-08 01:48:31 +02:00 · ddcdbc779b
parent 4de22dec1b
commit ddcdbc779b
1 changed files with 4 additions and 1 deletions
--- a/src/main/java/es/tatvil/taiageweb/config/SecurityConfig.java
+++ b/src/main/java/es/tatvil/taiageweb/config/SecurityConfig.java
@ -30,13 +30,16 @@ public class SecurityConfig {
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .csrf(csrf -> csrf.ignoringRequestMatchers("/webhook/stripe"))
+            .headers(headers -> headers
+                .frameOptions(frame -> frame.sameOrigin())
+            )
            .authorizeHttpRequests(auth -> auth
                // Recursos públicos
                .requestMatchers(
                    "/", "/inicio", "/login", "/registro",
                    "/leyes", "/noticias", "/acceso-denegado", "/error",
                    "/webhook/stripe",
-                    "/css/**", "/js/**", "/images/**", "/favicon.ico"
+                    "/css/**", "/js/**", "/images/**", "/leyes/**", "/favicon.ico"
                ).permitAll()
                // Panel de administración
                .requestMatchers("/admin/**").hasRole("ADMIN")