diff options
author | django-bot <ops@djangoproject.com> | 2023-02-28 20:53:28 +0100 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2023-03-01 13:03:56 +0100 |
commit | 14459f80ee3a9e005989db37c26fd13bb6d2fab2 (patch) | |
tree | eb62429ed696ed3a5389f3a676aecfc6d15a99cc /docs/ref/clickjacking.txt | |
parent | 6015bab80e28aef2669f6fac53423aa65f70cb08 (diff) | |
download | django-14459f80ee3a9e005989db37c26fd13bb6d2fab2.tar.gz |
Fixed #34140 -- Reformatted code blocks in docs with blacken-docs.
Diffstat (limited to 'docs/ref/clickjacking.txt')
-rw-r--r-- | docs/ref/clickjacking.txt | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt index 6f505e2fae..f9bec591a7 100644 --- a/docs/ref/clickjacking.txt +++ b/docs/ref/clickjacking.txt @@ -59,7 +59,7 @@ To set the same ``X-Frame-Options`` value for all responses in your site, put MIDDLEWARE = [ ..., - 'django.middleware.clickjacking.XFrameOptionsMiddleware', + "django.middleware.clickjacking.XFrameOptionsMiddleware", ..., ] @@ -70,7 +70,7 @@ By default, the middleware will set the ``X-Frame-Options`` header to ``DENY`` for every outgoing ``HttpResponse``. If you want any other value for this header instead, set the :setting:`X_FRAME_OPTIONS` setting:: - X_FRAME_OPTIONS = 'SAMEORIGIN' + X_FRAME_OPTIONS = "SAMEORIGIN" When using the middleware there may be some views where you do **not** want the ``X-Frame-Options`` header set. For those cases, you can use a view decorator @@ -79,6 +79,7 @@ that tells the middleware not to set the header:: from django.http import HttpResponse from django.views.decorators.clickjacking import xframe_options_exempt + @xframe_options_exempt def ok_to_load_in_a_frame(request): return HttpResponse("This page is safe to load in a frame on any site.") @@ -99,10 +100,12 @@ decorators:: from django.views.decorators.clickjacking import xframe_options_deny from django.views.decorators.clickjacking import xframe_options_sameorigin + @xframe_options_deny def view_one(request): return HttpResponse("I won't display in any frame!") + @xframe_options_sameorigin def view_two(request): return HttpResponse("Display in a frame if it's from the same origin as me.") |