summaryrefslogtreecommitdiffstats
path: root/settings.py
diff options
context:
space:
mode:
authorPhilip Sargent <philip.sargent@klebos.com>2021-05-04 14:17:07 +0100
committerPhilip Sargent <philip.sargent@klebos.com>2021-05-04 14:17:07 +0100
commit1d9d96f467b6f544326b87e1112326b6162b3fe1 (patch)
treec1444fa1599204a1d0f312a6d2be8b93f5228f69 /settings.py
parent56c3517328e32e64d2f0e16f3bbe811e53896a85 (diff)
downloadtroggle-1d9d96f467b6f544326b87e1112326b6162b3fe1.tar.gz
troggle-1d9d96f467b6f544326b87e1112326b6162b3fe1.tar.bz2
troggle-1d9d96f467b6f544326b87e1112326b6162b3fe1.zip
IFRAMES chnaged to DENY
Diffstat (limited to 'settings.py')
-rw-r--r--settings.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/settings.py b/settings.py
index 7f53835..218c27d 100644
--- a/settings.py
+++ b/settings.py
@@ -122,7 +122,7 @@ SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
# SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel, bug elsewhere?
# CSRF_COOKIE_SECURE = True # if enabled only sends cookies over SSL
-X_FRAME_OPTIONS = 'SAMEORIGIN' # change to "DENY" after we eliminate all the iframes e.g. /xmlvalid.html
+X_FRAME_OPTIONS = 'DENY' # changed to "DENY" after I eliminated all the iframes e.g. /xmlvalid.html
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' # from Django 3.2