Update src/main/java/com/example/config/SecurityConfig.java

src/main/java/com/example/config/SecurityConfig.java

@@ -32,32 +32,7 @@ public class SecurityConfig {
                 .defaultSuccessUrl("/secure", true)
             )
             .logout(logout -> logout.logoutSuccessUrl("/"))
-            .oidcLogout(oidc -> oidc.backChannel(Customizer.withDefaults()))
-            .headers(headers -> headers
-              .defaultsDisabled() // Disable defaults so they don't conflict with HF proxy
-              .contentTypeOptions(Customizer.withDefaults())
-              .frameOptions(frame -> frame.sameOrigin())
-              .httpStrictTransportSecurity(hsts -> hsts
-                  .includeSubDomains(true)
-                  .maxAgeInSeconds(31536000)
-              )
-              .contentSecurityPolicy(csp -> csp
-                  .policyDirectives("default-src 'self'; " +
-                      "script-src 'self' 'unsafe-inline' 'unsafe-eval'; " + 
-                      "style-src 'self' 'unsafe-inline'; " +
-                      "img-src 'self' data:; " +
-                      "connect-src 'self' https://learnifymedhub-kc.hf.space; " +
-                      "frame-ancestors 'self' https://huggingface.co; " + // Allow HF to frame your app
-                      "form-action 'self';")
-              )
-              .referrerPolicy(referrer -> referrer
-                  .policy(org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
-              )
-              .permissionsPolicyHeader(permissions -> permissions
-                  .policy("geolocation=(), microphone=(), camera=(), payment=(), usb=()")
-              )
-          );
-          
-                  return http.build();
-              }
-          }
+            .oidcLogout(oidc -> oidc.backChannel(Customizer.withDefaults()));
+          return http.build();
+      }
+  }