问题
I'm trying to enable django to allow one specific view to be embedded on external sites, preferabilly without sites restrictions.
In my views.py file, I have added the following code, where the view futurebig is the one I want to enable to be embedded:
from django.views.decorators.clickjacking import xframe_options_sameorigin
...
@xframe_options_sameorigin
def futurebig(request):
...
return render_to_response('templates/iframe/future_clock_big.html', context_dict, context)
which doesn't help as I understand because it only enables embedding in the same server.
How can I set the headers for that specific view to enable it to be embedded in any website?
For the record, I'm just a frontend developer, the backend developer who developed the site is no longer working with me and refused to document his code, so, If anyone could help me and explain carefully where and what modifications I should do, I'll apreciatte it very much.
Thanks.
As far as I know, the Django version is 1.6
回答1:
You are going in the right direction, but exact decorator which you will need to achieve this is 'xframe_options_exempt'.
from django.http import HttpResponse
from django.views.decorators.clickjacking import xframe_options_exempt
@xframe_options_exempt
def ok_to_load_in_a_frame(request):
return HttpResponse("This page is safe to load in a frame on any site.")
PS: DJango 1.6 is no longer supported. It is good time to get an upgrade.
回答2:
Apparently you can set a rule in your settings telling the following:
X_FRAME_OPTIONS = 'ALLOW-FROM https://example.com/'
Also nowadays you should consider moving to CSP
Content-Security-Policy: frame-ancestors 'self' example.com *.example.net ;
See https://stackoverflow.com/a/25617678/186202
来源:https://stackoverflow.com/questions/33267383/how-to-configure-x-frame-options-in-django-to-allow-iframe-embedding-of-one-view