Merge pull request #18736 from edx/noraiz/EDUCATOR-3074_lms_setting

set x_frame_option to deny in lms common env
Noraiz Anwar
2018-08-07 17:15:53 +05:00
committed by GitHub
2 changed files with 5 additions and 5 deletions


@@ -72,22 +72,22 @@ class AnonymousIndexPageTest(ModuleStoreTestCase):
response = self.client.get('/')
self.assertEqual(response.status_code, 200)
@override_settings(X_FRAME_OPTIONS='ALLOW')
def test_allow_x_frame_options(self):
"""
Check the x-frame-option response header
"""
# check to see that the default setting is to ALLOW iframing
# check to see that the override value is honored
resp = self.client.get('/')
self.assertEquals(resp['X-Frame-Options'], 'ALLOW')
@override_settings(X_FRAME_OPTIONS='DENY')
def test_deny_x_frame_options(self):
"""
Check the x-frame-option response header
"""
# check to see that the override value is honored
# check to see that the default setting is to DENY iframing
resp = self.client.get('/')
self.assertEquals(resp['X-Frame-Options'], 'DENY')
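Review bot: The comment that now sits in `test_deny_x_frame_options` says it checks that the default setting is DENY, but the test still runs under `@override_settings(X_FRAME_OPTIONS='DENY')`, so it would keep passing if the shipped default regressed to a permissive value. To pin the new default, drop that decorator from the deny test (assuming the test settings inherit the common value) and assert `resp['X-Frame-Options'] == 'DENY'` against the unmodified settings. Which comment line belongs to which side is inferred from the rendered order, since the `+`/`-` markers are lost on this page. Separately, `assertEquals` is a deprecated alias of `assertEqual`, which the context line above already uses.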


@@ -1302,8 +1302,8 @@ MIDDLEWARE_CLASSES = [
'openedx.core.djangoapps.site_configuration.middleware.SessionCookieDomainOverrideMiddleware',
]
# Clickjacking protection can be enabled by setting this to 'DENY'
X_FRAME_OPTIONS = 'ALLOW'
# Clickjacking protection can be disbaled by setting this to 'ALLOW'
X_FRAME_OPTIONS = 'DENY'
# Platform for Privacy Preferences header
P3P_HEADER = 'CP="Open EdX does not have a P3P policy."'
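Review bot: `'ALLOW'` is not a defined X-Frame-Options value (the header defines `DENY` and `SAMEORIGIN`, plus the obsolete `ALLOW-FROM`), so the new comment documents an opt-out that works only because browsers ignore an unrecognised value. The comment should point operators at the narrower choice first, e.g. `# Clickjacking protection: 'DENY' blocks all framing; use 'SAMEORIGIN' if same-site framing is required`, which also removes the "disbaled" typo. With DENY as the default for every LMS response, any view that other sites are meant to embed presumably needs a per-view exemption rather than a global downgrade; nothing in this hunk shows whether such exemptions exist. The `MIDDLEWARE_CLASSES` list starts outside the hunk, so which middleware emits the header cannot be confirmed from here.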