Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#24896 closed Cleanup/optimization (fixed)

Clickjacking doc doesn't specify middleware/view decorator behaviour when X-Frame-Options header is already set.

Reported by: wsot Owned by: nobody
Component: Documentation Version: 1.8
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

On the page https://docs.djangoproject.com/en/1.8/ref/clickjacking/ it is not specified what the behaviour of the view decorators and middleware is when the X-Frame-Options HTTP header is already present.
(The behaviour is that if the header is already present, it is left unmodified)

Change History (2)

comment:1 by Tim Graham <timograham@…>, 10 years ago

Resolution: fixed
Status: newclosed

In 0b5fb8e:

Fixed #24896 -- Doc'd clickjacking protection doesn't overwrite X-Frame-Options header.

comment:2 by Tim Graham <timograham@…>, 10 years ago

In 3b41850:

[1.8.x] Fixed #24896 -- Doc'd clickjacking protection doesn't overwrite X-Frame-Options header.

Backport of 0b5fb8e72c74e41d250f35c8c3df3f3a13d367f3 from master

Note: See TracTickets for help on using tickets.
Back to Top