#14261: Add middleware for setting X-Frame-Options HTTP header in responses
------------------------------------+---------------------------------------
          Reporter:  rniemeyer      |         Owner:  rniemeyer
            Status:  assigned       |     Milestone:
         Component:  HTTP handling  |       Version:  1.2
        Resolution:                 |      Keywords:  clickjacking x_frame_options
             Stage:  Accepted       |     Has_patch:  1
        Needs_docs:  1              |   Needs_tests:  0
Needs_better_patch:  1              |
------------------------------------+---------------------------------------
Changes (by lrekucki):

  * needs_better_patch:  0 => 1

Comment:

 It would be good to have a decorator to disable this - something that
 works like {{{csrf_exempt}}}, but it should allow you to choose between
 'deny', 'sameorigin' or disabling it altogether. I have at least one
 form that's embedded in a client's page via an IFrame, so if I understand
 correctly, adding this would prevent it from working correctly.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/14261#comment:4>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
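
The per-view override requested in the comment above, as an added example that is not part of the ticket, its patch, or Django's code. It is a framework-free sketch: `Response`, `frame_options`, `FrameOptionsMiddleware`, `handle` and the three views are hypothetical names, and the site-wide default of SAMEORIGIN is an assumption.

```python
import functools

VALID = {"DENY", "SAMEORIGIN"}

class Response:
    """Stand-in for an HTTP response object (constructed for this example)."""
    def __init__(self, body=""):
        self.body = body
        self.headers = {}

def frame_options(value):
    """Per-view override: 'deny', 'sameorigin', or None to send no header."""
    if value is not None:
        value = value.upper()
        if value not in VALID:
            raise ValueError("unsupported X-Frame-Options value: %r" % value)
    def decorator(view):
        @functools.wraps(view)
        def wrapped(request, *args, **kwargs):
            response = view(request, *args, **kwargs)
            if value is None:
                # Mark the response so the middleware leaves it frameable.
                response.frame_options_exempt = True
            else:
                response.headers["X-Frame-Options"] = value
            return response
        return wrapped
    return decorator

class FrameOptionsMiddleware:
    """Adds the site-wide default unless the view already decided."""
    def __init__(self, default="SAMEORIGIN"):
        self.default = default.upper()
    def process_response(self, request, response):
        if not getattr(response, "frame_options_exempt", False):
            # setdefault keeps a value chosen by the view or its decorator.
            response.headers.setdefault("X-Frame-Options", self.default)
        return response

def plain_view(request):
    return Response("account settings")

@frame_options(None)      # the form a client embeds in an iframe
def embedded_form(request):
    return Response("<form>...</form>")

@frame_options("deny")    # stricter than the site default
def admin_view(request):
    return Response("admin")

def handle(view, middleware=FrameOptionsMiddleware()):
    """Run one request through the view and the middleware; return headers."""
    return middleware.process_response(None, view(None)).headers
```

Only views that are explicitly decorated with `frame_options(None)` lose the header, so the exemption stays visible in code review and every other response keeps the clickjacking protection.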
