From ca560f954f7e0865eccb70d1573999c78b286fe3 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Sun, 30 Dec 2012 12:42:54 -0600 Subject: Enable clickjacking protection via middleware See https://docs.djangoproject.com/en/1.4/ref/clickjacking/ for details. This middleware was added to the default configuration in Django 1.4. Signed-off-by: Dan McGee --- settings.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/settings.py b/settings.py index 7038a71b..ba1e301b 100644 --- a/settings.py +++ b/settings.py @@ -74,6 +74,7 @@ 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.http.ConditionalGetMiddleware', 'django.middleware.doc.XViewMiddleware', ) @@ -99,6 +100,9 @@ SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db' SESSION_COOKIE_HTTPONLY = True +# Clickjacking protection +X_FRAME_OPTIONS = 'DENY' + INSTALLED_APPS = ( 'django.contrib.auth', 'django.contrib.contenttypes', -- cgit v1.2.3-54-g00ecf