From dd757d7bfbaeb60427a6ef40a5721f0e6677cace Mon Sep 17 00:00:00 2001
From: Paul Eggleton
Date: Tue, 26 Feb 2013 18:42:23 +0000
Subject: [PATCH] Enable clickjacking protection in default settings file
Signed-off-by: Paul Eggleton
---
 settings.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/settings.py b/settings.py
index b477e8c..90bdac0 100644
--- a/settings.py
+++ b/settings.py
@@ -105,9 +105,13 @@ MIDDLEWARE_CLASSES = (
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'reversion.middleware.RevisionMiddleware',
 )
+# Clickjacking protection
+X_FRAME_OPTIONS = 'DENY'
+
 from django.conf.global_settings import TEMPLATE_CONTEXT_PROCESSORS as TCP
 TEMPLATE_CONTEXT_PROCESSORS = TCP + (
 'django.core.context_processors.request',
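Review bot: The comment above `X_FRAME_OPTIONS = 'DENY'` does not say that the setting is only read by `XFrameOptionsMiddleware`. A deployment that maintains its own settings and copies just the `X_FRAME_OPTIONS` line, without the new `MIDDLEWARE_CLASSES` entry, would send no header at all. I would expand it to `# Clickjacking protection: X-Frame-Options: DENY is added by XFrameOptionsMiddleware (must stay in MIDDLEWARE_CLASSES)`. `DENY` also forbids same-origin framing, so the comment could add that a view which has to be embedded should be relaxed individually with the decorators in `django.views.decorators.clickjacking`, not by loosening the global value. The `MIDDLEWARE_CLASSES` tuple starts above the hunk and the `TEMPLATE_CONTEXT_PROCESSORS` tuple continues below it, so the rest of the middleware stack is not visible here.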