How to configure X-Frame-Options in Django to allow iframe embedding of one view?

Apparently you can set a rule in your settings telling the following:

X_FRAME_OPTIONS = 'ALLOW-FROM https://example.com/'

Also nowadays you should consider moving to CSP

Content-Security-Policy: frame-ancestors 'self' example.com *.example.net ;

See https://stackoverflow.com/a/25617678/186202

You are going in the right direction, but exact decorator which you will need to achieve this is 'xframe_options_exempt'.

from django.http import HttpResponse
from django.views.decorators.clickjacking import xframe_options_exempt

@xframe_options_exempt
def ok_to_load_in_a_frame(request):
    return HttpResponse("This page is safe to load in a frame on any site.")

PS: DJango 1.6 is no longer supported. It is good time to get an upgrade.

How to configure X-Frame-Options in Django to allow iframe embedding of one view?

Tags:

Django

Http Headers

Iframe

X Frame Options

Related

Recent Posts