From 42456e8e98bee298f874cd2e7f90d0666965807b Mon Sep 17 00:00:00 2001
From: Philip Sargent
Date: Tue, 28 Jul 2020 01:46:00 +0100
Subject: fix server instructions + comment in stats output
---
 settings.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'settings.py')
diff --git a/settings.py b/settings.py
index 78550d8..6c1bec1 100644
--- a/settings.py
+++ b/settings.py
@@ -100,7 +100,7 @@ SECURE_CONTENT_TYPE_NOSNIFF = True
 SECURE_BROWSER_XSS_FILTER = True
 #SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel
 CSRF_COOKIE_SECURE = True
-X_FRAME_OPTIONS = 'SAMEORIGIN' # change to "DENY" after we eliminate all the iframes in use.
+X_FRAME_OPTIONS = 'SAMEORIGIN' # change to "DENY" after we eliminate all the iframes e.g. /xmlvalid.html
 INSTALLED_APPS = (
 'django.contrib.admin',
@@ -124,7 +124,7 @@ MIDDLEWARE_CLASSES = (
 'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user, to every incoming HttpRequest
 'django.contrib.admindocs.middleware.XViewMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support
- 'django.middleware.clickjacking.XFrameOptionsMiddleware', # lickjacking protection via the X-Frame-Options header
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header
 'troggle.middleware.SmartAppendSlashMiddleware' # Outdated & unneeded?
 )
--
cgit v1.2.3
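Review bot: The reworded comment on `X_FRAME_OPTIONS` in the first hunk still leaves the move to DENY as an open-ended TODO with a single example page, so nobody can tell when the site-wide relaxation can be dropped. If the pages that need framing are served by Django views, the global value could be `'DENY'` already, with `@xframe_options_sameorigin` from `django.views.decorators.clickjacking` applied to those views only; the comment could say so, e.g. `# TODO: set to 'DENY' and mark the iframe views (e.g. /xmlvalid.html) with @xframe_options_sameorigin`. Separately, the context line above keeps `SESSION_COOKIE_SECURE` commented out while `CSRF_COOKIE_SECURE = True`. The stated reason suggests the control panel is reached over plain HTTP, in which case the session cookie travels unencrypted, so that is worth tracking next to this TODO.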