Add X-FRAME_OPTIONS header to protect against Clickjacking

Enables the django.middleware.clickjacking.XFrameOptionsMiddleware middleware class with the default X-Frame-Options header SAMEORIGIN. More details here: https://docs.djangoproject.com/en/dev/ref/clickjacking/ Change-Id: Ic06fdf0b79c9cd245c12ed1f4438af9a4b52ad03 Fixes: bug #1118327
openstack · Feb 15, 2013 · 2b3d829 · 2b3d829
1 parent efff047
commit 2b3d829
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/openstack_dashboard/settings.py b/openstack_dashboard/settings.py
@@ -74,6 +74,7 @@
     'horizon.middleware.HorizonMiddleware',
     'django.middleware.doc.XViewMiddleware',
     'django.middleware.locale.LocaleMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
 )
 
 TEMPLATE_CONTEXT_PROCESSORS = (