Sets default X-Frame-Options for login and registration forms to X_FRAME_OPTIONS environment setting

Nizar Mahmoud
2020-11-18 20:04:46 +03:00
parent 0db4fb0ffe
commit 6e0b304f65


@@ -17,13 +17,13 @@ from common.djangoapps.third_party_auth.provider import Registry
def xframe_allow_whitelisted(view_func):
"""
Modifies a view function so that its response has the X-Frame-Options HTTP header
set to 'DENY' if the request HTTP referrer is not from a whitelisted hostname.
set to `settings.X_FRAME_OPTIONS` if the request HTTP referrer is not from a whitelisted hostname.
"""
def wrapped_view(request, *args, **kwargs):
""" Modify the response with the correct X-Frame-Options. """
resp = view_func(request, *args, **kwargs)
x_frame_option = 'DENY'
x_frame_option = settings.X_FRAME_OPTIONS
if settings.FEATURES['ENABLE_THIRD_PARTY_AUTH']:
referer = request.META.get('HTTP_REFERER')
if referer is not None:
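Review bot: The fallback assigned in `wrapped_view` is now whatever `settings.X_FRAME_OPTIONS` holds, so the login and registration forms are no longer guaranteed to be unframeable when the referrer is not whitelisted. A deployment that sets a permissive or mistyped value would loosen clickjacking protection on the credential forms with no change to this code. Consider constraining it, e.g. `x_frame_option = settings.X_FRAME_OPTIONS if settings.X_FRAME_OPTIONS in ('DENY', 'SAMEORIGIN') else 'DENY'`, and stating in the docstring that the setting is expected to be one of those two values. Requests with no `HTTP_REFERER` skip the whitelist branch entirely and always receive this default, which is why its strictness matters. The body of `wrapped_view` continues outside the hunk, so how the header is finally written is not visible here.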