Added FrameOptionsHeader middleware to forbid iframing Secret Squirre…

…l. Bug 568768.
mozilla · Aug 24, 2010 · f2364b5 · f2364b5
1 parent 68f660c
commit f2364b5
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/requirements/prod.txt b/requirements/prod.txt
@@ -2,6 +2,7 @@
 Django==1.2.1
 -e git://github.com/jbalogh/django-multidb-router.git#egg=django-multidb-router
 -e git://github.com/jbalogh/jingo.git#egg=jingo
+-e git://github.com/jsocol/commonware.git#egg=commonware
 
 # Caching
 python-memcached==1.45
diff --git a/settings.py b/settings.py
@@ -121,6 +121,8 @@ def JINJA_CONFIG():
     'django.middleware.csrf.CsrfResponseMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
+
+    'commonware.middleware.FrameOptionsHeader',
 )
 
 ROOT_URLCONF = '%s.urls' % ROOT_PACKAGE
@@ -134,7 +136,6 @@ def JINJA_CONFIG():
     'django.contrib.messages',
 
     'cas_provider',
-
     'registration',
     'sso',
     'users',