
Take advantage of XFrameOptionsMiddleware.

commit ff559f6a1ee54ebdb3545fed5c68e5687dbbad0f 1 parent d3bd281
@aaugustin aaugustin authored
Showing with 1 addition and 3 deletions.
  1. +1 −3 django_www/settings.py
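--- a/django_www/settings.py
+++ b/django_www/settings.py
@@ -105,6 +105,7 @@
 MIDDLEWARE_CLASSES = [
 'djangosecure.middleware.SecurityMiddleware',
+'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
@@ -199,9 +200,6 @@
 SESSION_COOKIE_SECURE = True
 SESSION_COOKIE_HTTPONLY = True
 SECURE_SSL_REDIRECT = False
-# This breaks SVG embedding in docs.
-# TODO: switch to X_FRAME_OPTIONS = 'SAMEORIGIN' in Django 1.4
-# SECURE_FRAME_DENY = True
 SECURE_HSTS_SECONDS = 600
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTOCOL", "SSL")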
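Review bot: The frame policy now rests entirely on Django's default for `X_FRAME_OPTIONS`, because the second hunk deletes the TODO that named `'SAMEORIGIN'` without adding the setting itself. The removed comment records that a DENY policy breaks SVG embedding in the docs, and Django 3.0 changed the framework default from SAMEORIGIN to DENY, so a later upgrade would change the header and bring that breakage back with no diff in this file. I would pin the value next to the other security settings, `X_FRAME_OPTIONS = 'SAMEORIGIN'  # DENY breaks SVG embedding in docs`. Both hunks show only part of the settings module, so an existing `X_FRAME_OPTIONS` outside the visible lines would make this moot.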
