p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[3.0.x] Fixed #30732 -- Doc'd that SameSite cookies flags can affect xframe_options_exempt. 

Backport of e8ad265ac8 from master
This commit is contained in:
Jezeniel Zapanta 2019-09-16 18:13:06 +08:00 committed by Mariusz Felisiak
parent 2362f27265
commit 9510af35fc
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/ref/clickjacking.txt
View File

@ -88,6 +88,11 @@ that tells the middleware not to set the header::
def ok_to_load_in_a_frame(request): def ok_to_load_in_a_frame(request):
return HttpResponse("This page is safe to load in a frame on any site.") return HttpResponse("This page is safe to load in a frame on any site.")
.. note::
If you want to submit a form or access a session cookie within a frame or
iframe, you may need to modify the :setting:`CSRF_COOKIE_SAMESITE` or
:setting:`SESSION_COOKIE_SAMESITE` settings.
Setting ``X-Frame-Options`` per view Setting ``X-Frame-Options`` per view
------------------------------------ ------------------------------------