Take advantage of XFrameOptionsMiddleware.

commit ff559f6a1ee54ebdb3545fed5c68e5687dbbad0f 1 parent d3bd281
Aymeric Augustin authored February 07, 2013

Showing 1 changed file with 1 addition and 3 deletions. Show diff stats Hide diff stats

  1. 4  django_www/settings.py
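--- a/django_www/settings.py
+++ b/django_www/settings.py
@@ -105,6 +105,7 @@
 
 MIDDLEWARE_CLASSES = [
     'djangosecure.middleware.SecurityMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
@@ -199,9 +200,6 @@
     SESSION_COOKIE_SECURE = True
     SESSION_COOKIE_HTTPONLY = True
     SECURE_SSL_REDIRECT = False
-    # This breaks SVG embedding in docs.
-    # TODO: switch to X_FRAME_OPTIONS = 'SAMEORIGIN' in Django 1.4
-    # SECURE_FRAME_DENY = True
     SECURE_HSTS_SECONDS = 600
     SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTOCOL", "SSL")
 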
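Review bot: With `'django.middleware.clickjacking.XFrameOptionsMiddleware'` added and no `X_FRAME_OPTIONS` assignment visible in either hunk, the header value is left to the middleware's built-in default, which depends on the installed Django version. The three removed comment lines were the only record that a `DENY` policy breaks SVG embedding in the docs, so a later Django upgrade or settings cleanup could reintroduce that breakage unnoticed. I would pin the value next to the other security settings with `X_FRAME_OPTIONS = 'SAMEORIGIN'  # DENY breaks SVG embedding in the docs`. The setting may already exist elsewhere in settings.py, since the file continues outside both hunks.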
