OLD | NEW |
(Empty) | |
| 1 from functools import wraps |
| 2 |
| 3 from django.utils.decorators import available_attrs |
| 4 |
| 5 |
| 6 def xframe_options_deny(view_func): |
| 7 """ |
| 8 Modifies a view function so its response has the X-Frame-Options HTTP |
| 9 header set to 'DENY' as long as the response doesn't already have that |
| 10 header set. |
| 11 |
| 12 e.g. |
| 13 |
| 14 @xframe_options_deny |
| 15 def some_view(request): |
| 16 ... |
| 17 """ |
| 18 def wrapped_view(*args, **kwargs): |
| 19 resp = view_func(*args, **kwargs) |
| 20 if resp.get('X-Frame-Options') is None: |
| 21 resp['X-Frame-Options'] = 'DENY' |
| 22 return resp |
| 23 return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view) |
| 24 |
| 25 |
| 26 def xframe_options_sameorigin(view_func): |
| 27 """ |
| 28 Modifies a view function so its response has the X-Frame-Options HTTP |
| 29 header set to 'SAMEORIGIN' as long as the response doesn't already have |
| 30 that header set. |
| 31 |
| 32 e.g. |
| 33 |
| 34 @xframe_options_sameorigin |
| 35 def some_view(request): |
| 36 ... |
| 37 """ |
| 38 def wrapped_view(*args, **kwargs): |
| 39 resp = view_func(*args, **kwargs) |
| 40 if resp.get('X-Frame-Options') is None: |
| 41 resp['X-Frame-Options'] = 'SAMEORIGIN' |
| 42 return resp |
| 43 return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view) |
| 44 |
| 45 |
| 46 def xframe_options_exempt(view_func): |
| 47 """ |
| 48 Modifies a view function by setting a response variable that instructs |
| 49 XFrameOptionsMiddleware to NOT set the X-Frame-Options HTTP header. |
| 50 |
| 51 e.g. |
| 52 |
| 53 @xframe_options_exempt |
| 54 def some_view(request): |
| 55 ... |
| 56 """ |
| 57 def wrapped_view(*args, **kwargs): |
| 58 resp = view_func(*args, **kwargs) |
| 59 resp.xframe_options_exempt = True |
| 60 return resp |
| 61 return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view) |
OLD | NEW |