85
You are going in the right direction, but exact decorator which you will need to achieve this is ‘xframe_options_exempt’.
from django.http import HttpResponse
from django.views.decorators.clickjacking import xframe_options_exempt
@xframe_options_exempt
def ok_to_load_in_a_frame(request):
return HttpResponse("This page is safe to load in a frame on any site.")
PS: DJango 1.6 is no longer supported. It is good time to get an upgrade.
26
Apparently you can set a rule in your settings telling the following:
X_FRAME_OPTIONS = 'ALLOW-FROM https://example.com/'
Also nowadays you should consider moving to CSP
Content-Security-Policy: frame-ancestors 'self' example.com *.example.net ;
- [Django]-How do I import the Django DoesNotExist exception?
- [Django]-What is the benefit of using a HyperlinkedModelSerializer in DRF?
- [Django]-How to exempt CSRF Protection on direct_to_template
0
If you want to allow the frame in specific view you can add Content-Security-Policy to your view response, so your code will be something like this
def MyView(request):
....
....
response = render(request,'MyViewHtml.html' ,{...})
response ['Content-Security-Policy'] = "frame-ancestors 'self' https://example.com"
- [Django]-PIL /JPEG Library: "decoder jpeg not available"
- [Django]-Django setUpTestData() vs. setUp()
- [Django]-Django FileField upload is not working for me
Source:stackexchange.com