Merge pull request #25338 from open-craft/nizar/xframe_allow_whitelist

Sets default X-Frame-Options for login and registration forms to environment setting
David Ormsbee
2020-12-18 12:39:08 -05:00
committed by GitHub


@@ -17,13 +17,13 @@ from common.djangoapps.third_party_auth.provider import Registry
def xframe_allow_whitelisted(view_func):
"""
Modifies a view function so that its response has the X-Frame-Options HTTP header
set to 'DENY' if the request HTTP referrer is not from a whitelisted hostname.
set to `settings.X_FRAME_OPTIONS` if the request HTTP referrer is not from a whitelisted hostname.
"""
def wrapped_view(request, *args, **kwargs):
""" Modify the response with the correct X-Frame-Options. """
resp = view_func(request, *args, **kwargs)
x_frame_option = 'DENY'
x_frame_option = settings.X_FRAME_OPTIONS
if settings.FEATURES['ENABLE_THIRD_PARTY_AUTH']:
referer = request.META.get('HTTP_REFERER')
if referer is not None: