[1.8.x] Fixed #24896 -- Doc'd clickjacking protection doesn't overwrite X-Frame-Options header.
Backport of 0b5fb8e72c from master
This commit is contained in:
Simeon J Morgan
Tim Graham
parent
aefa3a6a03
commit
3b41850adc
|
|
@ -45,6 +45,9 @@ site:
|
||||||
2. A set of view decorators that can be used to override the middleware or to
|
2. A set of view decorators that can be used to override the middleware or to
|
||||||
only set the header for certain views.
|
only set the header for certain views.
|
||||||
|
|
||||||
|
The ``X-Frame-Options`` HTTP header will only be set by the middleware or view
|
||||||
|
decorators if it is not already present in the response.
|
||||||
|
|
||||||
How to use it
|
How to use it
|
||||||
=============
|
=============
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue