Enable clickjacking protection in default settings file

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2025-07-19 20:59:01 +02:00 · 2013-02-26 18:42:23 +00:00 · 2013-02-26 18:42:23 +00:00 · dd757d7bfb
commit dd757d7bfb
parent 5b9f65880d
1 changed files with 4 additions and 0 deletions
--- a/settings.py
+++ b/settings.py
@ -105,9 +105,13 @@ MIDDLEWARE_CLASSES = (
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'reversion.middleware.RevisionMiddleware',
 )

+# Clickjacking protection
+X_FRAME_OPTIONS = 'DENY'
+
 from django.conf.global_settings import TEMPLATE_CONTEXT_PROCESSORS as TCP
 TEMPLATE_CONTEXT_PROCESSORS = TCP + (
    'django.core.context_processors.request',