How to remove the Xframe Options header in django?

3👍

You got something wrong here if I understand well. X-Frame-Options is about the browser honouring your header on whether your site will be allowed within an iframe rather than allowing a third site within your iframe.

Respectively, this happens from the other site’s headers. So for example Facebook has set the above header to DENY and therefore any browser honouring this will not allow your site to present it no matter what your site’s headers are.

👤Wtower

9👍

Remove django.middleware.clickjacking.XFrameOptionsMiddleware from the MIDDLEWARE list in settings.py.

4👍

I have a couple of Django sites and someone wanted to show them in an iframe. It was not possible because the “x-frame-options” header value is always SAMEORIGIN. I could not remove the “x-frame-options” header value no matter what I did.

So finally I decided to do the last resort solution, which is to modify httpd.conf. I added this line:

  Header always set X-Frame-Options ALLOWALL

And it is shown in an iframe.

👤yoshi
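The answers above turn on how a browser reads the framed site's own response headers. The following is an added example, not code from any of the answers: a simplified Python model of that decision, showing that an unrecognised value such as ALLOWALL is ignored (leaving the page with no clickjacking protection) and how a CSP frame-ancestors list permits one named embedder instead. The function names and the example.* origins are constructed for illustration.

```python
# Added example: simplified model of how a browser decides whether a page may be framed.
# Assumptions: a single direct embedder; frame-ancestors sources limited to
# 'none', 'self', * and exact origins (no host wildcards or scheme-only sources).


def frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP header, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def framing_decision(headers, page_origin, embedder_origin):
    """headers: response headers of the page being framed (the framed site decides)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    same_origin = page_origin.lower() == embedder_origin.lower()

    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # When frame-ancestors is present it is enforced and X-Frame-Options is ignored.
        for src in sources:
            s = src.lower()
            if s == "*" or (s == "'self'" and same_origin) or s == embedder_origin.lower():
                return ("allowed", "frame-ancestors matches " + src)
        return ("blocked", "frame-ancestors does not list the embedder")

    xfo = h.get("x-frame-options")
    if xfo is None:
        return ("allowed", "no framing policy sent")
    value = xfo.upper()
    if value == "DENY":
        return ("blocked", "X-Frame-Options: DENY")
    if value == "SAMEORIGIN":
        if same_origin:
            return ("allowed", "X-Frame-Options: SAMEORIGIN, same origin")
        return ("blocked", "X-Frame-Options: SAMEORIGIN, cross origin")
    # ALLOWALL and other values current browsers do not recognise are ignored,
    # so the page ends up framable by any origin.
    return ("allowed", "unrecognised X-Frame-Options value ignored: " + xfo)


if __name__ == "__main__":
    site, partner = "https://app.example", "https://partner.example"  # constructed origins
    print(framing_decision({"X-Frame-Options": "SAMEORIGIN"}, site, partner))
    print(framing_decision({"X-Frame-Options": "ALLOWALL"}, site, partner))
    print(framing_decision({"Content-Security-Policy": "frame-ancestors 'self' " + partner}, site, partner))
```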
