WebAppSec/MozSecureWorld: Difference between revisions

==== Where playdoh sets X-Frame-Options to "DENY" ====
It's set in ''vendor/src/commonware/commonware/response/middleware.py'':
<pre>
        if not 'x-frame-options' in response:
            response['x-frame-options'] = 'DENY'
</pre>
Also see ''vendor/src/commonware/commonware/response/decorators.py'', which provides per-view overrides:
<pre>
from functools import wraps

from django.utils.decorators import available_attrs


def xframe_sameorigin(view_fn):
    @wraps(view_fn, assigned=available_attrs(view_fn))
    def _wrapped_view(request, *args, **kwargs):
        response = view_fn(request, *args, **kwargs)
        response['x-frame-options'] = 'SAMEORIGIN'
        return response
    return _wrapped_view


def xframe_allow(view_fn):
    @wraps(view_fn, assigned=available_attrs(view_fn))
    def _wrapped_view(request, *args, **kwargs):
        response = view_fn(request, *args, **kwargs)
        response.no_frame_options = True
        return response
    return _wrapped_view


def xframe_deny(view_fn):
    @wraps(view_fn, assigned=available_attrs(view_fn))
    def _wrapped_view(request, *args, **kwargs):
        response = view_fn(request, *args, **kwargs)
        response['x-frame-options'] = 'DENY'
        return response
    return _wrapped_view
</pre>
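How the middleware default and the per-view decorators combine, as an added example that is not playdoh or commonware code: it reports each view's effective header so that views which opted out of framing protection can be reviewed. `FakeResponse`, `frame_options_middleware`, `audit` and `frameable` are hypothetical names, and the `no_frame_options` check in the middleware is an assumption, because the excerpt above omits the lines that precede the default.

```python
from functools import wraps


class FakeResponse(dict):
    """Constructed stand-in for an HTTP response: header dict plus attributes."""


def frame_options_middleware(response):
    # Assumption: responses flagged by xframe_allow are left without a header.
    if getattr(response, 'no_frame_options', False):
        return response
    if 'x-frame-options' not in response:
        response['x-frame-options'] = 'DENY'  # default shown in the excerpt
    return response


def xframe_sameorigin(view_fn):
    @wraps(view_fn)
    def _wrapped_view(request, *args, **kwargs):
        response = view_fn(request, *args, **kwargs)
        response['x-frame-options'] = 'SAMEORIGIN'
        return response
    return _wrapped_view


def xframe_allow(view_fn):
    @wraps(view_fn)
    def _wrapped_view(request, *args, **kwargs):
        response = view_fn(request, *args, **kwargs)
        response.no_frame_options = True
        return response
    return _wrapped_view


# Constructed sample views: one undecorated, one per override.
def plain(request):
    return FakeResponse()


@xframe_sameorigin
def widget(request):
    return FakeResponse()


@xframe_allow
def embed(request):
    return FakeResponse()


def audit(views):
    """Map view name -> effective X-Frame-Options (None means frameable anywhere)."""
    return {v.__name__: frame_options_middleware(v(request=None)).get('x-frame-options')
            for v in views}


def frameable(views):
    """Names of views that ship no X-Frame-Options header at all."""
    return sorted(name for name, policy in audit(views).items() if policy is None)
```
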

