diff options
author | Dan McGee <dan@archlinux.org> | 2012-12-30 12:42:54 -0600 |
---|---|---|
committer | Dan McGee <dan@archlinux.org> | 2012-12-30 12:44:35 -0600 |
commit | ca560f954f7e0865eccb70d1573999c78b286fe3 (patch) | |
tree | f078c35523cfa4c85fde19bc3d7ee15ac057007b | |
parent | 39a603bf65c4aec780e4711074e9ed27fb7c301e (diff) |
Enable clickjacking protection via middleware
See https://docs.djangoproject.com/en/1.4/ref/clickjacking/ for details.
This middleware was added to the default configuration in Django 1.4.
Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r-- | settings.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/settings.py b/settings.py index 7038a71b..ba1e301b 100644 --- a/settings.py +++ b/settings.py @@ -74,6 +74,7 @@ MIDDLEWARE_CLASSES = ( 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.http.ConditionalGetMiddleware', 'django.middleware.doc.XViewMiddleware', ) @@ -99,6 +100,9 @@ MESSAGE_STORAGE = 'django.contrib.messages.storage.session.SessionStorage' SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db' SESSION_COOKIE_HTTPONLY = True +# Clickjacking protection +X_FRAME_OPTIONS = 'DENY' + INSTALLED_APPS = ( 'django.contrib.auth', 'django.contrib.contenttypes', |