diff --git a/src/main/java/io/spring/api/security/WebSecurityConfig.java b/src/main/java/io/spring/api/security/WebSecurityConfig.java
index a404af0..ed34d30 100644
--- a/src/main/java/io/spring/api/security/WebSecurityConfig.java
+++ b/src/main/java/io/spring/api/security/WebSecurityConfig.java
@@ -36,7 +36,11 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
             .antMatchers(HttpMethod.GET, "/articles/feed").authenticated()
             .antMatchers(HttpMethod.POST, "/users", "/users/login").permitAll()
             .antMatchers(HttpMethod.GET, "/articles/**", "/profiles/**", "/tags").permitAll()
-            .anyRequest().authenticated();
+            .antMatchers("/h2-console", "/h2-console/**")
+            .permitAll()
+            .anyRequest().authenticated()
+            .and()
+            .headers().frameOptions().sameOrigin();
 
         http.addFilterBefore(jwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
     }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 418eeaa..d35287c 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -4,4 +4,5 @@ jwt.secret=nRvyYC4soFxBdZ-F-5Nnzz5USXstR1YylsTd-mA0aKtI9HUlriGrtkf-TiuDapkLiUCog
 jwt.sessionTime=86400
 mybatis.config-location=classpath:mybatis-config.xml
 mybatis.mapper-locations=mapper/*.xml
-logging.level.io.spring.infrastructure.mybatis.readservice.ArticleReadService=DEBUG
\ No newline at end of file
+logging.level.io.spring.infrastructure.mybatis.readservice.ArticleReadService=DEBUG
+spring.h2.console.enabled=true
\ No newline at end of file