mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-04 19:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fixed #14261 - Added clickjacking protection (X-Frame-Options header)

Browse source 
Many thanks to rniemeyer for the patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant 2011-05-30 22:27:47 +00:00
parent dc4c2f3add
commit 524c5fa07a
13 changed files with 453 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

11
docs/ref/settings.txt
View file

@ -2023,6 +2023,17 @@ See :tfilter:`allowed date format strings <date>`. See also
:setting:`DATE_FORMAT`, :setting:`DATETIME_FORMAT`, :setting:`TIME_FORMAT`
and :setting:`MONTH_DAY_FORMAT`.
.. setting:: X_FRAME_OPTIONS
X_FRAME_OPTIONS
---------------
Default: ``'SAMEORIGIN'``
The default value for the X-Frame-Options header used by
:class:`~django.middleware.clickjacking.XFrameOptionsMiddleware`. See the
:doc:`clickjacking protection </ref/clickjacking/>` documentation.
Deprecated settings
===================