这个问题需要在继承WebSecurityConfigurerAdapter的类中添加一段代码就可以解决
添加 http.headers().frameOptions().sameOrigin(); 这段代码 如我的下面代码
**例如我的继承类securityConfig **
public class securityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().contentTypeOptions().disable();
http.csrf().disable();//防止跨站点请求伪造
http.authorizeRequests()
.antMatchers("/login.html","/user/add","/xAdmin/**","/treetable-lay/**","ztree/**","/static/**")
.permitAll()
.anyRequest()
.authenticated();
// X-Content-Type-Options头设置应许加载静态资源
// X-Content-Type-Options头设置应许加载静态资源
http.headers().frameOptions().sameOrigin();
http.formLogin()
.loginPage("/login.html")//指定登录的html页面
.loginProcessingUrl("/login")//指定的处理路径
.successHandler(myAuthenticationSuccessHander)
.failureHandler(myAuthenctiationFailureHandler);
}
}