From dd9e10f750a8d19e4067090e5a6205654ad81913 Mon Sep 17 00:00:00 2001
From: noraiz-anwar <noraizbhatti@gmail.com>
Date: Mon, 6 Aug 2018 16:31:49 +0500
Subject: [PATCH] exempt discussion upload from xframe deny

---
 lms/djangoapps/django_comment_client/base/views.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lms/djangoapps/django_comment_client/base/views.py b/lms/djangoapps/django_comment_client/base/views.py
index a896b4db3f..6980c1359a 100644
--- a/lms/djangoapps/django_comment_client/base/views.py
+++ b/lms/djangoapps/django_comment_client/base/views.py
@@ -11,6 +11,7 @@ from django.core import exceptions
 from django.http import Http404, HttpResponse, HttpResponseServerError
 from django.utils.translation import ugettext as _
 from django.views.decorators import csrf
+from django.views.decorators.clickjacking import xframe_options_exempt
 from django.views.decorators.http import require_GET, require_POST
 from opaque_keys.edx.keys import CourseKey
 from six import text_type
@@ -742,6 +743,7 @@ def unfollow_commentable(request, course_id, commentable_id):
 @require_POST
 @login_required
 @csrf.csrf_exempt
+@xframe_options_exempt
 def upload(request, course_id):  # ajax upload file to a question or answer
     """view that handles file upload via Ajax
     """