#What am I supposed to use if frameOptions() is deprecated

Beginner programmer working with Spring Security for the first time. Through research and chatGPT I landed on a solution that worked! (hurray) but I'm getting a warning that .frameOptions() is deprecated.

I can't just remove frameOptions() because it's allowing me to view my H2 console, what's the current way to allow them?

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, AuthService authService) throws Exception {
        JwtTokenFilter jwtTokenFilter = new JwtTokenFilter(authService);

        http
                .csrf(csrf -> csrf.disable()) // Disable CSRF protection
                .addFilterBefore(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class)
                .authorizeHttpRequests(authz -> authz
                        .requestMatchers("/h2-console/**").permitAll() // Permit H2 console access
                        .requestMatchers("/api/auth/**").permitAll() // Permit all requests to auth endpoints
                        .requestMatchers("/chat/**").permitAll() //
                        .requestMatchers("/api/users/**").permitAll()
                        .requestMatchers("/api/audio/**").permitAll()
                        .anyRequest().permitAll() // Require auth for all other requests
                )
                .headers(headers -> headers // Set headers to allow frame options for H2 console
                        .frameOptions().sameOrigin());

        return http.build();
    }

<@&1004656351647117403> please have a look, thanks.

If it is marked as Deprecated then it is very likely that solution to your problem can be found in Javadoc of that same method

Hey there

Try this

frameOptions(Customizer.withDefault())

tried this, withDefault() is undefined for the type Customizer

show how your import Customizer pls

it's withDefaults() as in the plural

cfr https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/web/builders/HttpSecurity.html#headers(org.springframework.security.config.Customizer)

Good spot!

i didn't notice as i wrote it by hand

i assume it should be suggested by the ide and corrected as well :/

Indeed, I was about to say. It's an easy typo, and normally your IDE should offer autocompletion Paulus. (intellij => ctrl space or your OS equivalent)

That cleared the error, but I my h2 frames are still not showing. I found the solution in documentation and it didn't work, but I adjusted by looking at type definitions for frameOptionsConfig, this one works for me:

.frameOptions(frameOptions -> frameOptions
                                .sameOrigin())

Is there a way to mark this solved? I'm new here

ah looks good

just close this thread

with the following command

/help_thread close

/help_thread close

lmao