From 3b41850adcce29b0c2e64d9c6f3d34ffcc7d750b Mon Sep 17 00:00:00 2001
From: Simeon J Morgan <smorgan@digitalfeed.net>
Date: Tue, 2 Jun 2015 14:11:01 +1000
Subject: [PATCH] [1.8.x] Fixed #24896 -- Doc'd clickjacking protection doesn't
 overwrite X-Frame-Options header.

Backport of 0b5fb8e72c74e41d250f35c8c3df3f3a13d367f3 from master
---
 docs/ref/clickjacking.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt
index 5ce26ba43b..f236673cd0 100644
--- a/docs/ref/clickjacking.txt
+++ b/docs/ref/clickjacking.txt
@@ -45,6 +45,9 @@ site:
 2. A set of view decorators that can be used to override the middleware or to
    only set the header for certain views.
 
+The ``X-Frame-Options`` HTTP header will only be set by the middleware or view
+decorators if it is not already present in the response.
+
 How to use it
 =============