[Django]-Django XFrameOptionsMiddleware (X-Frame-Options) – allow iframe by client IP

8👍

Best approach is to override get_xframe_options_value. XFRAME_EXEMPT_IPS is a glob_list in my case to detect allowable networks using fnmatch (192.168.*).

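from django.conf import settings
from django.middleware.clickjacking import XFrameOptionsMiddleware

class TFXFrameOptionsMiddleware(XFrameOptionsMiddleware):
    def get_xframe_options_value(self, request, response):
        # XFRAME_EXEMPT_IPS must be a container whose `in` test does the glob matching
        if request.META['REMOTE_ADDR'] in settings.XFRAME_EXEMPT_IPS:
            return 'ALLOWALL'  # non standard, equivalent to omitting
        return getattr(settings, 'X_FRAME_OPTIONS', 'SAMEORIGIN').upper()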

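One way the glob_list membership test mentioned in the answer could work, as an added example that is not part of the original answer. The names GlobList, NetworkList and xframe_value and the sample addresses are assumptions, and the CIDR variant goes beyond the answer to show where string globs and network matching differ.

```python
import fnmatch
import ipaddress


class GlobList(list):
    """List whose `in` test treats each entry as an fnmatch pattern."""

    def __contains__(self, value):
        return any(fnmatch.fnmatchcase(value, pattern) for pattern in self)


class NetworkList(list):
    """Stricter variant (assumption): entries are CIDR networks."""

    def __init__(self, cidrs):
        super().__init__(ipaddress.ip_network(c) for c in cidrs)

    def __contains__(self, value):
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return False  # anything that is not one address gets no exemption
        return any(addr in net for net in self)


def xframe_value(remote_addr, exempt, default="SAMEORIGIN"):
    """Same decision as get_xframe_options_value above, without Django."""
    return "ALLOWALL" if remote_addr in exempt else default.upper()


# Constructed sample values, standing in for settings.XFRAME_EXEMPT_IPS
GLOBS = GlobList(["192.168.*", "10.1*"])
NETS = NetworkList(["192.168.0.0/16", "10.1.0.0/16"])

if __name__ == "__main__":
    for ip in ("192.168.1.5", "10.10.3.4", "203.0.113.7"):
        print(ip, xframe_value(ip, GLOBS), xframe_value(ip, NETS))
```

A glob such as 10.1* matches the address as a string, so it also covers 10.10.x.x, while the CIDR variant matches only the stated network.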