H2-Console is not showing in browser

Question

I am working on SpringBoot api and using H2 database with following property settings.

spring.h2.console.enabled=true
spring.datasource.name=test
spring.datasource.username=sa
spring.datasource.password=
spring.datasource.driver-class-name=org.h2.Driver
spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
spring.datasource.initialization-mode = embedded
spring.datasource.url=jdbc:h2:mem:test
spring.jpa.hibernate.ddl-auto = update

When I want to use browser to view the H2 database console through 'http://localhost:8082/h2-console', a screen open in browser with connect and test connection button. When I click on Test Connection, it returns successful but when click on Connect button, error comes that localhost refused to connect.

Does this answer your question? [Why does the H2 console in Spring Boot show a blank screen after logging in?](https://stackoverflow.com/questions/40165915/why-does-the-h2-console-in-spring-boot-show-a-blank-screen-after-logging-in) — pacoverflow, Oct 11 '21 at 16:36

Odwori · Accepted Answer · 2021-03-19T18:52:02.143

62

add this two lines in your spring security file and you are good to go.

    http.csrf().disable();
    http.headers().frameOptions().disable();

edited Mar 19 '21 at 18:52

answered Oct 15 '19 at 12:48

Odwori

1,460
13
14

score 20 · Answer 2 · answered Aug 05 '20 at 14:15

By default Spring Security disables rendering within an iframe because allowing a webpage to be added to a frame can be a security issue, for example Clickjacking. Since H2 console runs within a frame so while Spring security is enabled, frame options has to be disabled explicitly, in order to get the H2 console working.

http.headers().frameOptions().disable();

In general there are two possible directives for X-Frame-Options, which are DENY or SAMEORIGIN, so the following configuration can also be used for restricted but secured access.

headers().frameOptions().sameOrigin();

This allows the page to be displayed in a frame on the same origin as the page itself

Your answer is the most completest and the safest one. Thanks! — Pixel-Killer, Feb 17 '21 at 15:32

score 4 · Answer 3 · answered Sep 14 '19 at 08:00

4

Apart from @Alien's response, I had to add http.csrf().disable(); also.

answered Sep 14 '19 at 08:00

Amit

2,389
22
29

score 0 · Answer 4 · edited Aug 03 '20 at 21:02

Added following line one application.properties

spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.driverClassName=org.h2.Driver
spring.datasource.username=sa
spring.datasource.password=
spring.jpa.database-platform=org.hibernate.dialect.H2Dialect

spring.h2.console.enabled=true

And also added following on pom.xml

<build>
  <plugins>
    <plugin>
      <configuration>
        <jdbc>
          <driver>org.h2.Driver</driver>
          <url>jdbc:h2:~/test</url>
        </jdbc>
      </configuration>
    </plugin>
  </plugins>
<build>

H2-Console is not showing in browser

4 Answers4

Linked