WebAppSec/MozSecureWorld: Difference between revisions

</html>
Connection closed by foreign host.
</pre>
==== Where playdoh sets X-Frame-Options to "DENY" ====
The header is set in ''vendor/src/commonware/commonware/response/middleware.py'':
<pre>
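from django.conf import settings


class FrameOptionsHeader(object):
    """
    Set an X-Frame-Options header. Default to DENY. Set
    response['x-frame-options'] = 'SAMEORIGIN'
    to override.
    """
    def process_response(self, request, response):
        # A view opts out of the header entirely by setting
        # response.no_frame_options.
        if hasattr(response, 'no_frame_options'):
            return response
        # Only apply the default when the view has not set its own value.
        if 'x-frame-options' not in response:
            response['x-frame-options'] = 'DENY'
        # Django requires process_response to return the response object.
        return response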
</pre>
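To confirm from the outside which of the middleware's three paths a page took (default DENY, SAMEORIGIN override, or the ''no_frame_options'' opt-out), the raw response headers can be audited. The following is an added example, not code from playdoh or commonware; the function names and the sample responses are constructed for illustration.

```python
# Added example: audit X-Frame-Options in a raw HTTP response, such as one
# captured over telnet. Function names and sample data are hypothetical.

VALID = {"DENY", "SAMEORIGIN"}


def frame_options_values(raw_response):
    """Return every X-Frame-Options value in the header section only."""
    # Headers end at the first blank line; body text must never be matched.
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    values = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            values.append(value.strip().upper())
    return values


def audit_frame_options(raw_response):
    """Classify as 'deny', 'sameorigin', 'missing', 'invalid' or 'conflict'."""
    values = frame_options_values(raw_response)
    if not values:
        return "missing"      # header absent, e.g. the no_frame_options path
    if len(set(values)) > 1:
        return "conflict"     # several headers that disagree with each other
    if values[0] not in VALID:
        return "invalid"      # unrecognized value, e.g. a typo
    return values[0].lower()


# Constructed sample responses, one per case.
DEFAULT = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
           "x-frame-options: DENY\r\n\r\n<html></html>")
OVERRIDE = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html></html>"
EXEMPT = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nx-frame-options: DENY"
TYPO = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAME-ORIGIN\r\n\r\n"
CONFLICT = ("HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
            "X-Frame-Options: SAMEORIGIN\r\n\r\n")

if __name__ == "__main__":
    for label, raw in [("default", DEFAULT), ("override", OVERRIDE),
                       ("exempt", EXEMPT), ("typo", TYPO),
                       ("conflict", CONFLICT)]:
        print(label, "->", audit_frame_options(raw))
```

A result of "missing" on a page that was not deliberately exempted, or "invalid" caused by a mistyped override value, means the page is being served without effective framing protection.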