Django XFrameOptionsMiddleware (X-Frame-Options) - allow iframe by client IP

拜拜、爱过 提交于 2019-12-24 04:33:08

问题


I'm using Django XFrameOptionsMiddleware to control clickjacking, but I have a customer that needs to be able to browse the app in an iframe from within their network. I want to be able to apply (or remove) the xframe_options_exempt decorator from within the view method.


回答1:


Best approach is to override get_xframe_options_value. XFRAME_EXEMPT_IPS is a glob_list in my case to detect allowable networks using fnmatch (192.168.*).

class TFXFrameOptionsMiddleware(XFrameOptionsMiddleware):
    def get_xframe_options_value(self, request, response):
        if request.META['REMOTE_ADDR'] in settings.XFRAME_EXEMPT_IPS:
            return 'ALLOWALL' # non standard, equivalent to omitting
        return getattr(settings, 'X_FRAME_OPTIONS', 'SAMEORIGIN').upper()


来源:https://stackoverflow.com/questions/25773005/django-xframeoptionsmiddleware-x-frame-options-allow-iframe-by-client-ip

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!