H2 console and Spring Security - permitAll() not working

Question

I'm creating rest api and implemented Spring Security - everything works fine but I want (for now, when I'm still developing) to be able for anyone without authorization to open localhost:8080/console. My code:

@Override
protected void configure(HttpSecurity http) throws Exception {
    // allow everyone to register an account; /console is just for testing
    http.authorizeRequests().antMatchers("/register", "/console").permitAll();

    http.authorizeRequests().anyRequest().fullyAuthenticated();

    // making H2 console working
    http.headers().frameOptions().disable();

    /*
    https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html#when-to-use-csrf-protection
    for non-browser APIs there is no need to use csrf protection
    */
    http.csrf().disable();
}

And what is really strange - localhost:8080/register doesn't need any authentication but /console returns:

{
"timestamp": 1485876313847,
"status": 403,
"error": "Forbidden",
"message": "Access Denied",
"path": "/console"
}

Anyone knows how to fix it?

Answer 1

I solved my problem by:

http.headers().frameOptions().disable();