diff --git a/data/database.mv.db b/data/database.mv.db
deleted file mode 100644
index e208ce2..0000000
Binary files a/data/database.mv.db and /dev/null differ
diff --git a/dev-assistant-service/src/main/java/com/devassistant/framework/security/SecurityConfiguration.java b/dev-assistant-service/src/main/java/com/devassistant/framework/security/SecurityConfiguration.java
index aabf6d6..3fb1bf3 100644
--- a/dev-assistant-service/src/main/java/com/devassistant/framework/security/SecurityConfiguration.java
+++ b/dev-assistant-service/src/main/java/com/devassistant/framework/security/SecurityConfiguration.java
@@ -12,6 +12,7 @@ import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -39,20 +40,24 @@ public class SecurityConfiguration { http // 禁用 csrf .csrf(AbstractHttpConfigurer::disable) + .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)) // 允许跨域 .cors(Customizer.withDefaults()) - // 禁用 form 登录 - .formLogin(AbstractHttpConfigurer::disable) // 禁用 httpBasic 登录 .httpBasic(AbstractHttpConfigurer::disable) // 禁用 logout .logout(AbstractHttpConfigurer::disable) + // 禁用 session .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // 异常处理 .exceptionHandling(e -> e.authenticationEntryPoint(authEntryPoint)) // 访问控制 - .authorizeHttpRequests(authorize -> authorize.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll().requestMatchers("/error").permitAll().anyRequest().access((authentication, object) -> getAuthorizationDecision(object))); + .authorizeHttpRequests(authorize -> authorize + .requestMatchers(HttpMethod.OPTIONS, "/**") + .permitAll().requestMatchers("/error") + .permitAll().requestMatchers("/h2-console/**") + .permitAll().anyRequest().access((authentication, object) -> getAuthorizationDecision(object))); return http.build(); } diff --git a/dev-assistant-service/src/main/resources/application.yml b/dev-assistant-service/src/main/resources/application.yml index 90a762f..3b7fe41 100644 --- a/dev-assistant-service/src/main/resources/application.yml +++ b/dev-assistant-service/src/main/resources/application.yml @@ -3,7 +3,15 @@ spring: name: dev-assistant-service datasource: url: jdbc:h2:file:./data/database + driver-class-name: org.h2.Driver + username: sa + password: 123456 + + h2: + console: + enabled: true + path: /h2-console file: upload-dir: ./data/files - password: 0105 \ No newline at end of file + password: 0105
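Review bot: The new `.requestMatchers("/h2-console/**").permitAll()` rule takes the H2 console out of `getAuthorizationDecision` in every environment, and the console is a SQL client for the application database for anyone who can reach it with the datasource login. I would drop that matcher from the main chain and serve the console from a separate, profile-gated filter chain, so that in any other profile the path falls through to `anyRequest()`. The added `frameOptions(...sameOrigin)` line also relaxes the framing header for every response rather than just the console, so it belongs in the same gated chain. The enclosing method starts outside the hunk, so I am assuming nothing above it already restricts this by profile; the profile name and order value below are placeholders.

```java
// … unchanged: main filter chain, minus the "/h2-console/**" matcher and the frameOptions line …

@Bean
@Order(1)
@Profile("dev")
public SecurityFilterChain h2ConsoleFilterChain(HttpSecurity http) throws Exception {
    // Dev-only chain: the console is reachable without a token only while the "dev" profile is active.
    http
            .securityMatcher("/h2-console/**")
            .csrf(AbstractHttpConfigurer::disable)
            .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin))
            .authorizeHttpRequests(authorize -> authorize.anyRequest().permitAll());
    return http.build();
}
```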
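Review bot: `spring.h2.console.enabled: true` and `password: 123456` are added to the base `application.yml`, so every profile that loads this file starts with the console switched on and a guessable `sa` password that is now stored in version control. I would default the console to off and read the secret from the environment, for example `enabled: ${H2_CONSOLE_ENABLED:false}` and `password: ${DB_PASSWORD}` (variable names are placeholders), or move both keys into a dev-only profile file. The console normally refuses non-local clients unless `spring.h2.console.settings.web-allow-others` is set, which this hunk does not do, but behind a same-host reverse proxy every request can look local, so that default should not be the only barrier.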