3👍
You got something wrong here if I understand well. X-Frame-Options
is about the browser honouring your header on whether your site will be allowed within an iframe rather than allowing a third site within your iframe.
Respectively, this happens from the other site’s headers. So for example facebook has set the above header to DENY
and therefore any browser honouring this will not allow your site to present it no matter what your site’s headers are.
9👍
Remove django.middleware.clickjacking.XFrameOptionsMiddleware
from MIDDLEWARE
list in settings.py
- Django how to make form fields optional
- Rename response fields django rest framework serializer
- Django redirect using reverse() to a URL that relies on query strings
- Self.model() in django custom UserManager
4👍
I have a couple of Django sites and someone wanted to show them in an iframe. It was not possible because of the “x-frame-options” header values is always SAMEORIGIN. I could not remove the “x-frame-options” header value no matter what I did.
So finally I decided to do the last resort solution, which is to modify httpd.conf. I added this line:
Header always set X-Frame-Options ALLOWALL
And it is shown in an iframe.
- Pycharm (Python IDE) doesn't auto complete Django modules
- Django: How to add an extra form to a formset after it has been constructed?
- Django can't access raw_post_data
- How can I get all the objects in a Django model that have a specific value for a ForeignKey field?
- Passing a user, request to forms