mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-05-03 13:44:45 +00:00
Code Issues 32 Releases Wiki Activity

Refs #30426 -- Updated XFrameOptionsMiddleware docstring.

Browse Source 
Follow up to 05d0eca635853564c57e639ac5590674a7de2ed6.
This commit is contained in:
Clemens Wolff 2022-04-29 15:17:27 -04:00 committed by GitHub
parent b34238addc
commit f0ba799edf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
django/middleware/clickjacking.py
View File

@ -16,10 +16,10 @@ class XFrameOptionsMiddleware(MiddlewareMixin):
Do not set the header if it's already set or if the response contains Do not set the header if it's already set or if the response contains
a xframe_options_exempt value set to True. a xframe_options_exempt value set to True.
By default, set the X-Frame-Options header to 'SAMEORIGIN', meaning the By default, set the X-Frame-Options header to 'DENY', meaning the response
response can only be loaded on a frame within the same site. To prevent the cannot be displayed in a frame, regardless of the site attempting to do so.
response from being loaded in a frame in any site, set X_FRAME_OPTIONS in To enable the response to be loaded on a frame within the same site, set
your project's Django settings to 'DENY'. X_FRAME_OPTIONS in your project's Django settings to 'SAMEORIGIN'.
""" """
def process_response(self, request, response): def process_response(self, request, response):