Question about Django X_FRAME_OPTIONS setting
Hi I have a question about Django X_FRAME_OPTIONS setting, I am wondering how to set X_FRAME_OPTIONS to allow from, and how to specify a list of hosts that are able to display my page in their frames? Thanks in advance -- ⚡ Chen Xu ⚡ -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CACac-qYf7dQ6W1%3DimEyBFrKDVU7s2C2HjN0y5HWwvXHeQVe6Sw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: Question about Django X_FRAME_OPTIONS setting
Hi Chen, Do you really need to set it via Django? Usually it's done via web-server (nginx/apache/etc) What about Django - I think you can use HttpResponse object and update header in default way: response['X_FRAME_OPTIONS'] = "value" See additional examples here: https://docs.djangoproject.com/en/dev/ref/request-response/#setting-header-fields - Dmitry On Tuesday, January 7, 2014 7:48:52 PM UTC+3, Chen Xu wrote: > > Hi > > I have a question about Django X_FRAME_OPTIONS setting, I am wondering how > to set X_FRAME_OPTIONS to allow from, and how to specify a list of hosts > that are able to display my page in their frames? > > > Thanks in advance > > -- > ⚡ Chen Xu ⚡ > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/3c00bc6a-f82c-4a24-ade4-77484e7d91fd%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: Question about Django X_FRAME_OPTIONS setting
Ah thanks, good point. There are different ways of doing it, I am just wondering if Django itself have ALLOW_FROM as a valid value since it has deny and sameorigin. On Wed, Jan 8, 2014 at 3:41 PM, ernando wrote: > Hi Chen, > > Do you really need to set it via Django? Usually it's done via web-server > (nginx/apache/etc) > > What about Django - I think you can use HttpResponse object and update > header in default way: > response['X_FRAME_OPTIONS'] = "value" > > See additional examples here: > https://docs.djangoproject.com/en/dev/ref/request-response/#setting-header-fields > > - Dmitry > > > On Tuesday, January 7, 2014 7:48:52 PM UTC+3, Chen Xu wrote: >> >> Hi >> >> I have a question about Django X_FRAME_OPTIONS setting, I am wondering >> how to set X_FRAME_OPTIONS to allow from, and how to specify a list of >> hosts that are able to display my page in their frames? >> >> >> Thanks in advance >> >> -- >> ⚡ Chen Xu ⚡ >> > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To post to this group, send email to django-users@googlegroups.com. > Visit this group at http://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/3c00bc6a-f82c-4a24-ade4-77484e7d91fd%40googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > -- ⚡ Chen Xu ⚡ -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CACac-qYjHHT6iNVsRA5zGb1y%3D9gKTZXNzdC8g10JpaP3oPT4TQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
