Django application with middleware component that appends X-Frame-Options
output header to responses with a configurable value. It's very, very basic for now.
Install django-xframeoptions from the git repository:
pip install -e git://github.com/paulosman/django-xframeoptions#egg=xframeoptions
Add django-xframeoptions to your INSTALLED_APPS
in settings.py
:
INSTALLED_APPS = ( ... 'xframeoptions', ... )
Add xframeoptions.middleware.Header
to MIDDLEWARE_CLASSES
in settings.py
:
MIDDLEWARE_CLASSES = ( ... 'xframeoptions.middleware.Header', ... )
Optionally specify a value for the X-Frame-Options
header in settings.py
. Default is DENY
:
X_FRAME_OPTIONS = 'SAMEORIGIN'
Once installed, responses should have an X-Frame-Options
header with the value you specified in settings.py
or DENY
:
$ curl -D - http://localhost:8000 ... HTTP/1.0 200 OK Date: Tue, 17 Aug 2010 17:56:48 GMT Server: WSGIServer/0.1 Python/2.6.5 Vary: Cookie X-FRAME-OPTIONS: DENY Content-Type: text/html; charset=utf-8 Set-Cookie: csrftoken=670d5c08f178a4104daa4ec34bc5d11c; Max-Age=31449600; Path=