summaryrefslogtreecommitdiffstats
path: root/settings.py
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2012-12-30 12:42:54 -0600
committerDan McGee <dan@archlinux.org>2012-12-30 12:44:35 -0600
commitca560f954f7e0865eccb70d1573999c78b286fe3 (patch)
treef078c35523cfa4c85fde19bc3d7ee15ac057007b /settings.py
parent39a603bf65c4aec780e4711074e9ed27fb7c301e (diff)
downloadarchweb-ca560f954f7e0865eccb70d1573999c78b286fe3.tar.gz
archweb-ca560f954f7e0865eccb70d1573999c78b286fe3.zip
Enable clickjacking protection via middleware
See https://docs.djangoproject.com/en/1.4/ref/clickjacking/ for details. This middleware was added to the default configuration in Django 1.4. Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'settings.py')
-rw-r--r--settings.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/settings.py b/settings.py
index 7038a71b..ba1e301b 100644
--- a/settings.py
+++ b/settings.py
@@ -74,6 +74,7 @@ MIDDLEWARE_CLASSES = (
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.http.ConditionalGetMiddleware',
'django.middleware.doc.XViewMiddleware',
)
@@ -99,6 +100,9 @@ MESSAGE_STORAGE = 'django.contrib.messages.storage.session.SessionStorage'
SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
SESSION_COOKIE_HTTPONLY = True
+# Clickjacking protection
+X_FRAME_OPTIONS = 'DENY'
+
INSTALLED_APPS = (
'django.contrib.auth',
'django.contrib.contenttypes',