#36160: Django serve view does not respect X_FRAME_OPTIONS = "SAMEORIGIN"
-------------------------------------+-------------------------------------
Reporter: Mirat Can Bayrak | Owner: (none)
Type: Uncategorized | Status: closed
Component: contrib.staticfiles | Version: 5.1
Severity: Normal | Resolution: needsinfo
Keywords: static, headers | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sarah Boyce):
* resolution: => needsinfo
* status: new => closed
Comment:
Can you share a minimal reproducible example/code snippets?
There is a
[https://docs.djangoproject.com/en/5.1/ref/clickjacking/#setting-x-frame-
options-for-all-responses section which documents] how you can use either
the `X_FRAME_OPTIONS` setting or the `@xframe_options_exempt` decorator to
customize the behavior. I would need to know whether you are using these
and what the results are.
--
Ticket URL: <https://code.djangoproject.com/ticket/36160#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/01070194b71295ef-40487dde-d3ba-4be1-b9de-240235b4e2a0-000000%40eu-central-1.amazonses.com.
