Diffstat (limited to 'settings.py')
-rw-r--r-- | settings.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/settings.py b/settings.py
index 78550d8..6c1bec1 100644
--- a/settings.py
+++ b/settings.py
@@ -100,7 +100,7 @@ SECURE_CONTENT_TYPE_NOSNIFF = True
 SECURE_BROWSER_XSS_FILTER = True
 #SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel
 CSRF_COOKIE_SECURE = True
-X_FRAME_OPTIONS = 'SAMEORIGIN' # change to "DENY" after we eliminate all the iframes in use.
+X_FRAME_OPTIONS = 'SAMEORIGIN' # change to "DENY" after we eliminate all the iframes e.g. /xmlvalid.html
 INSTALLED_APPS = (
 'django.contrib.admin',
@@ -124,7 +124,7 @@ MIDDLEWARE_CLASSES = (
 'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user, to every incoming HttpRequest
 'django.contrib.admindocs.middleware.XViewMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support
- 'django.middleware.clickjacking.XFrameOptionsMiddleware', # lickjacking protection via the X-Frame-Options header
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header
 'troggle.middleware.SmartAppendSlashMiddleware' # Outdated & unneeded?
 ) |
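Review bot: The reworded comment on `X_FRAME_OPTIONS` in the first hunk still defers `DENY` until every iframe is gone and names only one example, /xmlvalid.html, so the other framed pages are not listed anywhere in this hunk. Since `XFrameOptionsMiddleware` is enabled in `MIDDLEWARE_CLASSES`, an alternative is to set `X_FRAME_OPTIONS = 'DENY'` now and mark only the views that must be framed with `@xframe_options_sameorigin` from `django.views.decorators.clickjacking`. That assumes those pages are served by Django views rather than as static files, which the hunk does not show. If the global value stays `SAMEORIGIN`, the comment would be more actionable as a complete list, e.g. `# TODO: switch to 'DENY' once these pages stop using iframes: /xmlvalid.html, <other pages>`.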