X-frame options exempt
Keenan Green
Hi,
I am having issues with X-frame options exempt. I keep getting the same chrome error:
“Refused to display 'https://www.google.com/' in a frame
because it set 'X-Frame-Options' to 'sameorigin'.”
In my application I have performed the following combination
of actions and still have the error :
- Removed X-frame middleware setting:
- Changed X-frame Options:
- Utilized decorator @xframe_options_exempt
- Although I am looking to use this in a template, I also tested Iframe directly in HTTPResponse
Settings.py
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
]
X_FRAME_OPTIONS = 'ALLOWALL'
Views.py
from django.shortcuts
import render
from django.http import HttpResponse
from django.views.decorators.clickjacking
import xframe_options_exempt
@xframe_options_exempt
def index(request):
return HttpResponse('<div id =
"sourceframe"><iframe id = "4" src =
"https://www.google.com/" width = "100%" height =
"100%"></iframe></div>')
bnmng
Keenan Green
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/8f4861ae-9441-4dec-a7da-92f2e18a3ca6n%40googlegroups.com.