mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Code Issues 32 Releases Wiki Activity

Refs #31949 -- Made @xframe_options_(deny/sameorigin/exempt) decorators to work with async functions.

Browse Source
This commit is contained in:
Ben Lomax
2023-04-26 07:08:33 +01:00
committed by Mariusz Felisiak
parent b43936f2ec
commit 00f5d2d110
6 changed files with 144 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/ref/clickjacking.txt
View File

@@ -90,6 +90,11 @@ that tells the middleware not to set the header::
iframe, you may need to modify the :setting:`CSRF_COOKIE_SAMESITE` or
:setting:`SESSION_COOKIE_SAMESITE` settings.
.. versionchanged:: 5.0
Support for wrapping asynchronous view functions was added to the
``@xframe_options_exempt`` decorator.
Setting ``X-Frame-Options`` per view
------------------------------------
@@ -113,6 +118,11 @@ decorators::
Note that you can use the decorators in conjunction with the middleware. Use of
a decorator overrides the middleware.
.. versionchanged:: 5.0
Support for wrapping asynchronous view functions was added to the
``@xframe_options_deny`` and ``@xframe_options_sameorigin`` decorators.
Limitations
===========