1 from functools
import wraps
3 from django
.utils
.decorators
import available_attrs
6 def xframe_options_deny(view_func
):
8 Modifies a view function so its response has the X-Frame-Options HTTP
9 header set to 'DENY' as long as the response doesn't already have that
15 def some_view(request):
19 def wrapped_view(*args
, **kwargs
):
20 resp
= view_func(*args
, **kwargs
)
21 if resp
.get('X-Frame-Options', None) is None:
22 resp
['X-Frame-Options'] = 'DENY'
24 return wraps(view_func
, assigned
=available_attrs(view_func
))(wrapped_view
)
27 def xframe_options_sameorigin(view_func
):
29 Modifies a view function so its response has the X-Frame-Options HTTP
30 header set to 'SAMEORIGIN' as long as the response doesn't already have
35 @xframe_options_sameorigin
36 def some_view(request):
40 def wrapped_view(*args
, **kwargs
):
41 resp
= view_func(*args
, **kwargs
)
42 if resp
.get('X-Frame-Options', None) is None:
43 resp
['X-Frame-Options'] = 'SAMEORIGIN'
45 return wraps(view_func
, assigned
=available_attrs(view_func
))(wrapped_view
)
48 def xframe_options_exempt(view_func
):
50 Modifies a view function by setting a response variable that instructs
51 XFrameOptionsMiddleware to NOT set the X-Frame-Options HTTP header.
55 @xframe_options_exempt
56 def some_view(request):
60 def wrapped_view(*args
, **kwargs
):
61 resp
= view_func(*args
, **kwargs
)
62 resp
.xframe_options_exempt
= True
64 return wraps(view_func
, assigned
=available_attrs(view_func
))(wrapped_view
)