H2-Console is not showing in browser

Question

I am working on SpringBoot api and using H2 database with following property settings.

spring.h2.console.enabled=true spring.datasource.name=test spring.datasource.username=sa spring.datasource.password= spring.datasource.driver-class-name=org.h2.Driver spring.jpa.database-platform=org.hibernate.dialect.H2Dialect spring.datasource.initialization-mode = embedded spring.datasource.url=jdbc:h2:mem:test spring.jpa.hibernate.ddl-auto = update 

When I want to use browser to view the H2 database console through 'http://localhost:8082/h2-console', a screen open in browser with connect and test connection button. When I click on Test Connection, it returns successful but when click on Connect button, error comes that localhost refused to connect.

Answer 1

add this two lines in your spring security file and you are good to go.

    http.csrf().disable();     http.headers().frameOptions().disable(); 

Answer 2

By default Spring Security disables rendering within an iframe because allowing a webpage to be added to a frame can be a security issue, for example Clickjacking. Since H2 console runs within a frame so while Spring security is enabled, frame options has to be disabled explicitly, in order to get the H2 console working.

http.headers().frameOptions().disable(); 

In general there are two possible directives for X-Frame-Options, which are DENY or SAMEORIGIN, so the following configuration can also be used for restricted but secured access.

headers().frameOptions().sameOrigin(); 

This allows the page to be displayed in a frame on the same origin as the page itself