Improve web security

apps/backend/api/src/main/java/com/nikitades/carres/infrastructure/spring/security/WebSecurityConfig.java

@@ -8,6 +8,7 @@
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
 import org.springframework.security.web.SecurityFilterChain;
@@ -22,7 +23,8 @@ public class WebSecurityConfig {
   public SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc)
     throws Exception {
     http
-      .cors(Customizer.withDefaults())
+      .cors(Customizer.withDefaults()) //for h2
+      .headers(headers -> headers.frameOptions(FrameOptionsConfig::sameOrigin)) //for h2
       .csrf(csrf -> csrf.disable())
       .authorizeHttpRequests(requests -> {
         requests