Django XFrameOptionsMiddleware (X-Frame-Options) - allow iframe by client IP
I'm using Django XFrameOptionsMiddleware to control clickjacking, but I have a customer who needs to be able to browse the app in an iframe within their network. I want to be able to apply (or remove) the xframe_options_exempt decorator within the view method.
The best approach is to override get_xframe_options_value. XFRAME_EXEMPT_IPS is a glob_list in my case, to detect allowable networks using fnmatch (192.168.*).
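    from django.conf import settings
    from django.middleware.clickjacking import XFrameOptionsMiddleware


    class TFXFrameOptionsMiddleware(XFrameOptionsMiddleware):
        def get_xframe_options_value(self, request, response):
            # XFRAME_EXEMPT_IPS is a glob_list, so `in` matches patterns like 192.168.*
            if request.META['REMOTE_ADDR'] in settings.XFRAME_EXEMPT_IPS:
                return 'ALLOWALL'  # non standard, equivalent to omitting
            return getattr(settings, 'X_FRAME_OPTIONS', 'SAMEORIGIN').upper()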
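The exemption check above depends on how the allow-list matches addresses. The following is an added example, not code from the original post: `GlobList` is an assumed shape for the post's glob_list, and `NetworkList`, `xframe_value`, `compare` and the sample addresses are hypothetical names and constructed data used to compare fnmatch patterns with parsed CIDR networks, without Django.

```python
import fnmatch
import ipaddress


class GlobList(list):
    """Assumed shape of glob_list: `x in lst` is true if x matches any pattern."""
    def __contains__(self, value):
        return any(fnmatch.fnmatchcase(value, pat) for pat in self)


class NetworkList:
    """Stricter alternative: membership by parsed CIDR network, not string shape."""
    def __init__(self, cidrs):
        self.networks = [ipaddress.ip_network(c) for c in cidrs]

    def __contains__(self, value):
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return False  # a malformed REMOTE_ADDR is never exempt
        # Dual-stack listeners can report IPv4 clients as ::ffff:a.b.c.d
        mapped = getattr(addr, "ipv4_mapped", None)
        if mapped is not None:
            addr = mapped
        return any(addr in net for net in self.networks)


def xframe_value(remote_addr, exempt, default="SAMEORIGIN"):
    """Same decision as get_xframe_options_value in the post."""
    if remote_addr in exempt:
        return "ALLOWALL"
    return default.upper()


# Constructed sample addresses
SAMPLES = ["192.168.4.20", "::ffff:192.168.4.20", "10.10.0.5", "203.0.113.9"]


def compare(samples=SAMPLES):
    globs = GlobList(["192.168.*", "10.1*"])  # second pattern is too loose on purpose
    nets = NetworkList(["192.168.0.0/16", "10.1.0.0/16"])
    return {ip: (xframe_value(ip, globs), xframe_value(ip, nets)) for ip in samples}


if __name__ == "__main__":
    for ip, (by_glob, by_net) in compare().items():
        print(f"{ip:22} glob={by_glob:10} cidr={by_net}")
```

The loose pattern `10.1*` exempts 10.10.0.5 while the /16 network does not, and the IPv4-mapped form of an internal address only matches after parsing. Behind a reverse proxy REMOTE_ADDR is the proxy's address, so the check has to run on the client address the proxy is trusted to report.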