From ca560f954f7e0865eccb70d1573999c78b286fe3 Mon Sep 17 00:00:00 2001
From: Dan McGee
Date: Sun, 30 Dec 2012 12:42:54 -0600
Subject: Enable clickjacking protection via middleware

See https://docs.djangoproject.com/en/1.4/ref/clickjacking/ for details. This middleware was added to the default configuration in Django 1.4.

Signed-off-by: Dan McGee
---
 settings.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/settings.py b/settings.py
index 7038a71b..ba1e301b 100644
--- a/settings.py
+++ b/settings.py
@@ -74,6 +74,7 @@ MIDDLEWARE_CLASSES = (
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django.middleware.http.ConditionalGetMiddleware',
     'django.middleware.doc.XViewMiddleware',
 )
@@ -99,6 +100,9 @@ MESSAGE_STORAGE = 'django.contrib.messages.storage.session.SessionStorage'
 SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
 SESSION_COOKIE_HTTPONLY = True
 
+# Clickjacking protection
+X_FRAME_OPTIONS = 'DENY'
+
 INSTALLED_APPS = (
     'django.contrib.auth',
     'django.contrib.contenttypes',
-- 
cgit v1.2.3-55-g3dc8
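Review bot: `X_FRAME_OPTIONS = 'DENY'` in the second hunk becomes a site-wide default, but the one-line comment above it says nothing about what that means for any view that legitimately has to be embedded, and nothing in the commit verifies the header actually reaches responses. I would expand the comment to `# Clickjacking protection: XFrameOptionsMiddleware adds X-Frame-Options: DENY to every response that does not already set the header (per the linked Django docs); use django.views.decorators.clickjacking.xframe_options_exempt (or _sameorigin) on any view that must be framed.` It is also worth noting there that the header only covers responses that pass through Django's middleware stack, so any HTML served directly by the front-end web server needs the same header configured at that layer. A small test that fetches a page through the test client and asserts `response['X-Frame-Options'] == 'DENY'` would pin the protection so a later middleware reshuffle cannot silently drop it. Both hunks are fragments of the module-level settings file, whose remaining content lies outside the diff.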