✨ 添加禁用iframe配置

ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/oauth/config/CustomResourceServerConfigurer.java

@@ -59,6 +59,11 @@ public class CustomResourceServerConfigurer extends ResourceServerConfigurerAdap
 				// 关闭 csrf 跨站攻击防护
 				.and().csrf().disable();
 		// @formatter:on
+
+		// 允许嵌入iframe
+		if (!permitAllUrlProperties.isIframeDeny()) {
+			httpSecurity.headers().frameOptions().disable();
+		}
 	}
 
 }

ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/oauth/config/PermitAllUrlProperties.java

@@ -15,12 +15,17 @@ import java.util.List;
  * @date 2020/2/18 10:55 资源服务器忽略鉴权的url地址
  */
 @Slf4j
+@Getter
+@Setter
 @Configuration
 @ConfigurationProperties(prefix = "security.oauth2")
 public class PermitAllUrlProperties {
 
-	@Getter
-	@Setter
 	private List<String> ignoreUrls = new ArrayList<>();
 
+	/**
+	 * 是否禁止嵌入iframe
+	 */
+	private boolean iframeDeny = true;
+
 }

ballcat-common/ballcat-common-conf/src/main/java/com/hccake/ballcat/common/conf/exception/handler/DingTalkGlobalExceptionHandler.java

@@ -25,7 +25,8 @@ public class DingTalkGlobalExceptionHandler extends AbstractNoticeGlobalExceptio
 
 	@Override
 	public ExceptionNoticeResponse send(ExceptionMessage sendMessage) {
-		DingTalkResponse response = sender.sendMessage(new DingTalkTextMessage().setContent(sendMessage.toString()).atAll());
+		DingTalkResponse response = sender
+				.sendMessage(new DingTalkTextMessage().setContent(sendMessage.toString()).atAll());
 		return new ExceptionNoticeResponse().setErrMsg(response.getResponse()).setSuccess(response.isSuccess());
 	}